__________________ is defined as using and manipulating human behavior to obtain a required result.
It typically involves NON-TECHNICAL methods of attempting to gain unauthorized access to a system or network. Correct answer- Social engineering
Through social engineering, an attacker might easily lead a user to reveal her account password or to provide personal information that might reveal her password, a technique known as ____________________. Correct answer- eliciting information
________________________ is when a social engineer calls a helpdesk operator, claims to be a high-level user, and demands that the operator reset the user's password immediately so that the user can complete an important task. Correct answer- Impersonation
_______________ is a technique in which a social engineer creates a story, or pretext, that employs one or more of these principles to motivate victims to act contrary to their better instincts or training. Correct answer- Pretexting
A __________________ scam is a social engineering technique that targets a large group of recipients with a generic message that attempts to trick them into either visiting a website and entering confidential personal information, responding to a text or SMS message (known as ___________), or replying to an e-mail with private information, often a username and password, or banking or credit card details. Correct answer- phishing / smishing
_____________________ is a targeted type of phishing attack that includes information familiar to the user and appears to be from a trusted source, such as a company (for example, a financial service) that the user has used previously, a social media site such as LinkedIn, or even a specific trusted user. Correct answer- Spear phishing
_________________ are important tools to protect against phishing attacks. Users must be aware that financial institutions will never ask for bank account numbers and credit card details in an e-mail to a user. Correct answer- User education and awareness training
______________ is a type of phishing attack that is targeted at a specific high-level user, such as an executive. Correct answer- Whaling
________________ is when an unauthorized person casually glances over the shoulder of an employee as she returns to her desk and enters her username and password into the computer. Correct answer- Shoulder surfing
_____________________ is one of the simpler forms of social engineering and describes gaining physical access to an access-controlled facility or room by closely following an authorized person through the security checkpoint. Correct answer- Tailgating
_____________ is a social engineering technique that misdirects a user to an attacker's website without the user's knowledge, usually by manipulating the Domain Name Service (DNS) on an affected server or the hosts file on a user's system.
While much like phishing, where a user may click a link in a seemingly legitimate e-mail message that takes him to an attacker's website, pharming differs in that it installs code on the user's computer that sends them to the malicious site, even if the URL is entered correctly or chosen from a web browser bookmark. Correct answer- Pharming
__________ is instant messaging spam, and much like the more common e-mail spam, it occurs when a user receives an unsolicited instant message from another user, including users who are known and in the user's contact list. Correct answer- SPIM (spam over instant messaging)
_______________ is a type of phishing attack that takes place over phone systems, most commonly over VoIP (Voice over IP) lines. Correct answer- Vishing
A _________ is typically some kind of urban legend or sensational false news that users pass on to others via e-mail because they feel it is of interest.
While mostly harmless, some are phishing attempts that try to get the user to visit a link in the e-mail message that redirects to a malicious website. The only cure is educating users to avoid spreading these types of messages to other users. Correct answer- hoax
As part of corporate espionage, some companies hire private investigators to examine garbage dumpsters of a target company, and these investigators try to discover any proprietary and confidential information. This is called __________________. Correct answer- Dumpster diving
You have been contacted by your company's CEO after she received a personalized but suspicious e-mail message from the company's bank asking for detailed personal and financial information. After reviewing the message, you determine that it did not originate from the legitimate bank.