5.2 Social Engineering Attacks Against Passwords

Social engineering attacks are a type of cyber-attack that uses deception to manipulate individuals into divulging confidential information or performing an action that leads to data breaches. Passwords are often targeted in social engineering attacks because they provide a means for attackers to access sensitive data. In this lesson, we will focus on four common types of social engineering attacks against passwords:

  1. Phishing attacks: Phishing attacks are the most common type of social engineering attack. They involve sending fake emails or messages that appear to be from a trusted source, such as a bank or company, and tricking users into providing their login credentials or other sensitive information.
  2. Pretexting attacks: Pretexting attacks involve an attacker posing as someone else, such as a trusted colleague or a customer service representative, to obtain sensitive information or access to a system. The attacker may use a variety of tactics to gain the victim's trust, such as pretending to be in a position of authority or offering a reward for the victim's cooperation.
  3. Baiting attacks: Baiting attacks involve enticing victims with a promised reward or incentive, such as a free download or a gift card, to click on a malicious link or download a file that contains malware. Once the malware is installed, the attacker can gain access to the victim's login credentials or other sensitive information.
  4. Shoulder surfing: Shoulder surfing is a low-tech method of stealing passwords that involves watching someone enter their password on a computer or mobile device. The attacker may stand close to the victim, use binoculars or a camera to capture the victim's keystrokes from a distance, or use other methods to gain access to the victim's password.

To protect against social engineering attacks, it is important to be aware of the various tactics that attackers use and to implement best practices for password security, such as using strong and unique passwords, enabling two-factor authentication, and staying vigilant for suspicious emails, messages, or phone calls. Additionally, employees should receive regular training on how to recognize and respond to social engineering attacks, and organizations should have a clear incident response plan in place to quickly address any data breaches that may occur.
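The phishing description above lists the signals a reader should look for: a sender that only appears to be a trusted source, pressure to act immediately, and a request for login credentials. The following added example (written for this lesson, not part of the original course material) turns those signals into a small indicator checker so the reader can see how each one is tested mechanically. The trusted-domain list, the `Email` structure and the two sample messages are constructed for illustration.

```python
"""Phishing-indicator checker (added example; the domains and messages are constructed)."""
import re
from dataclasses import dataclass, field

# Constructed allow-list of domains the organisation actually sends mail from.
TRUSTED_DOMAINS = {"examplebank.com", "company.example"}

URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|suspended|verify your (account|password))\b", re.I)
CRED_REQUEST = re.compile(r"\b(password|login|credentials|sign in)\b", re.I)


@dataclass
class Email:
    display_name: str
    from_addr: str
    reply_to: str
    subject: str
    body: str
    links: list = field(default_factory=list)  # (anchor text, href) pairs


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def link_host(href: str) -> str:
    m = re.match(r"https?://([^/:]+)", href, re.I)
    return m.group(1).lower() if m else ""


def is_lookalike(domain: str, trusted: set) -> bool:
    # A domain that contains a trusted brand name but is not the trusted domain itself.
    for t in trusted:
        brand = t.split(".")[0]
        if domain != t and brand in domain:
            return True
    return False


def phishing_indicators(email: Email, trusted: set = TRUSTED_DOMAINS) -> list:
    """Return the list of indicators found; an empty list means nothing suspicious."""
    found = []
    sender_dom = domain_of(email.from_addr)
    if is_lookalike(sender_dom, trusted):
        found.append("sender domain imitates a trusted domain")
    if email.reply_to and domain_of(email.reply_to) != sender_dom:
        found.append("reply-to domain differs from sender domain")
    brand_in_name = any(t.split(".")[0] in email.display_name.lower() for t in trusted)
    if brand_in_name and sender_dom not in trusted:
        found.append("display name claims a trusted brand but the address does not match")
    if URGENCY.search(email.subject) or URGENCY.search(email.body):
        found.append("urgency or account-suspension language")
    if CRED_REQUEST.search(email.body) and any(link_host(h) not in trusted for _, h in email.links):
        found.append("asks for credentials via a link to an untrusted host")
    for text, href in email.links:
        shown = link_host(text) if text.lower().startswith("http") else ""
        if shown and shown != link_host(href):
            found.append(f"link text shows {shown} but points to {link_host(href)}")
    return found


def risk_score(email: Email) -> int:
    return len(phishing_indicators(email))


# Constructed samples: one message imitating the bank, one genuine notification.
SAMPLE_PHISH = Email(
    display_name="ExampleBank Security",
    from_addr="alerts@examplebank-secure.com",
    reply_to="helpdesk@mail-verify.example",
    subject="URGENT: account suspended",
    body="Your account is suspended. Sign in within 24 hours to restore access.",
    links=[("https://examplebank.com/login", "https://examplebank-secure.com/login")],
)
SAMPLE_LEGIT = Email(
    display_name="ExampleBank",
    from_addr="alerts@examplebank.com",
    reply_to="",
    subject="Your monthly statement is ready",
    body="Your statement for March is available in online banking.",
    links=[("View statement", "https://examplebank.com/statements")],
)

if __name__ == "__main__":
    for name, msg in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, risk_score(msg), phishing_indicators(msg))
```

Each indicator on its own is weak (a genuine password-reset mail also uses the word "password"), which is why the checker reports a list rather than a verdict; a mail gateway or a training exercise would combine several before flagging a message.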

Quizzes for Topic 2:

Quiz types: Single Choice, Multiple Choice, "Free" Choice, Sorting Choice, Matrix Sorting, Fill in the Blank, Assessment (Survey)

What is a phishing attack?

An attack that involves looking over someone's shoulder to steal their password
An attack that involves sending a fraudulent email to trick the recipient into providing sensitive information
An attack that involves creating a fake website to trick the user into providing their password

What is pretexting?

An attack that involves calling the victim and pretending to be someone else to gain access to sensitive information
An attack that involves tricking the victim into downloading malware by disguising it as a harmless file
An attack that involves creating a fake website to trick the user into providing their password

What is baiting?

An attack that involves leaving a physical object infected with malware in a public area to tempt people to pick it up and use it
An attack that involves calling the victim and pretending to be someone else to gain access to sensitive information
An attack that involves looking over someone's shoulder to steal their password

What is shoulder surfing?

An attack that involves creating a fake website to trick the user into providing their password
An attack that involves calling the victim and pretending to be someone else to gain access to sensitive information
An attack that involves looking over someone's shoulder to steal their password

Which of the following social engineering attacks involves creating a sense of urgency or panic to pressure the victim into taking immediate action?

Phishing
Pretexting
Baiting

Which of the following is a type of social engineering attack?

Virus
Firewall
Password manager
Phishing
All of the above

What is a phishing attack?

A type of fishing sport
An attack that involves baiting a victim with a physical object
An attack that involves pretending to be a trustworthy entity to obtain sensitive information
An attack that involves pretending to be a police officer

What is pretexting?

An attack that involves creating a fake pretext to gain a victim's trust and obtain sensitive information
An attack that involves pretending to be a trustworthy entity to obtain sensitive information
An attack that involves physically following a victim to obtain sensitive information
An attack that involves shoulder surfing to obtain sensitive information

What is baiting?

An attack that involves physically following a victim to obtain sensitive information
An attack that involves creating a fake pretext to gain a victim's trust and obtain sensitive information
An attack that involves pretending to be a trustworthy entity to obtain sensitive information
An attack that involves leaving a physical object that is infected with malware to be picked up by a victim
An attack that involves making a victim feel uncomfortable or unsafe

What is shoulder surfing?

An attack that involves creating a fake pretext to gain a victim's trust and obtain sensitive information
An attack that involves physically following a victim to obtain sensitive information
An attack that involves pretending to be a trustworthy entity to obtain sensitive information
An attack that involves looking over someone's shoulder to obtain sensitive information
An attack that involves sending malicious emails to a victim

The act of looking over someone's shoulder to obtain sensitive information is known as ______.

shoulder surfing
Hint:
shoulder surfing

______ involves the creation of a fake scenario or false narrative in order to obtain sensitive information from a target.

pretexting
Hint:
pretexting

______ is a type of social engineering attack that involves luring a victim with a fake or desirable item in order to obtain sensitive information.

baiting
Hint:
baiting

______ is a type of social engineering attack that involves the use of fraudulent emails or websites to trick a victim into divulging sensitive information.

phishing
Hint:
phishing

______ is the process of attempting to obtain sensitive information through the use of deception or manipulation of individuals.

social engineering
Hint:
social engineering

Sort the following items by the importance of the definition of social engineering attacks:

Shoulder surfing
Pretexting attacks
Baiting attacks
Phishing attacks
Importance of password security
Hint:
Shoulder surfing
Pretexting attacks
Baiting attacks
Phishing attacks
Importance of password security

Sort the following items by importance of common types of social engineering attacks against passwords:

Pretexting attacks
Baiting attacks
Shoulder surfing
Phishing attacks
Importance of password security
Hint:
Pretexting attacks
Baiting attacks
Shoulder surfing
Phishing attacks
Importance of password security

Sort the following items by importance of best practices for password security:

Using strong and unique passwords
Enabling two-factor authentication
Avoiding suspicious emails, messages, or phone calls
Staying vigilant
Importance of regular training
Hint:
Using strong and unique passwords
Enabling two-factor authentication
Avoiding suspicious emails, messages, or phone calls
Staying vigilant
Importance of regular training

Sort the following items by the importance of how to protect against social engineering attacks:

Being aware of various tactics attackers use
Implementing best practices for password security
Recognizing and responding to social engineering attacks
Having a clear incident response plan
Importance of staying vigilant
Hint:
Being aware of various tactics attackers use
Implementing best practices for password security
Recognizing and responding to social engineering attacks
Having a clear incident response plan
Importance of staying vigilant

Sort the following items by the importance of regular training and an incident response plan:

Regular training on recognizing and responding to social engineering attacks
Having a clear incident response plan
Importance of staying vigilant
Implementing best practices for password security
Being aware of various tactics attackers use
Hint:
Regular training on recognizing and responding to social engineering attacks
Having a clear incident response plan
Importance of staying vigilant
Implementing best practices for password security
Being aware of various tactics attackers use

Please match the following definitions:

Phishing attacks
Deception through electronic communications
Pretexting attacks
Deception through impersonation
Baiting attacks
Deception through offering something enticing
Shoulder surfing
Deception through observation
Hint:
Phishing attacks ➢ Deception through electronic communications
Pretexting attacks ➢ Deception through impersonation
Baiting attacks ➢ Deception through offering something enticing
Shoulder surfing ➢ Deception through observation

Fill in the blank:

The act of looking over someone's shoulder to obtain sensitive information is known as {shoulder surfing}.

Hint:
shoulder surfing

Fill in the blank:

{pretexting} involves the creation of a fake scenario or false narrative in order to obtain sensitive information from a target.

Hint:
pretexting

Fill in the blank:

{baiting} is a type of social engineering attack that involves luring a victim with a fake or desirable item in order to obtain sensitive information.

Hint:
baiting

Fill in the blank:

{phishing} is a type of social engineering attack that involves the use of fraudulent emails or websites to trick a victim into divulging sensitive information.

Hint:
phishing

Fill in the blank:

{social engineering} is the process of attempting to obtain sensitive information through the use of deception or manipulation of individuals.

Hint:
social engineering

On a scale of 1-5, how familiar are you with phishing attacks?

Not at all familiar {[1] [2] [3] [4] [5]} extremely familiar

How confident are you in your ability to detect a pretexting attack?

Not at all confident {[1] [2] [3] [4] [5]} extremely confident

Have you ever fallen for a baiting attack?

{[Yes] [No] }

On a scale of 1-5, how concerned are you about shoulder surfing?

Not at all concerned {[1] [2] [3] [4] [5]} Extremely concerned

How often do you change your passwords?

{[Rarely/never] [Every few months] [Every few weeks] [Every few days] [Every time I use them]}
Copyright © TrueTandem