A+ 1201 2.5 social engineering attacks, threats, and vulnerabilities

What is it called when someone tries to view sensitive information by looking over your shoulder?

shoulder surfing

An employee receives an email pretending to be from their bank asking them to click a link and verify their account. What type of attack is this?

phishing

A victim gets a call from someone pretending to be IT support asking for their login credentials. What attack is happening?

vishing

A user receives a text message claiming they won a prize and must click a malicious link to claim it. What is this attack called?

smishing

A conference attendee scans a QR code posted on a wall, which redirects them to a fake login page. What kind of phishing attack is this?

qr code fishing

A targeted email is sent to a finance employee pretending to be from the CFO, asking for a wire transfer. What type of phishing is this?

spear phishing

An attacker targets the CEO with a fake invoice email that appears legitimate. What is this attack type?

whaling

An attacker follows an employee into a secure building by pretending they forgot their badge. What is this called?

tailgating

An attacker dresses as a delivery person to gain access to a secure floor. What social engineering tactic is used here?

impersonation

An attacker looks through discarded documents in a trash bin to find sensitive information. What attack is this?

dumpster diving

A company’s website becomes unavailable because a server is overwhelmed with fake traffic from a single source. What attack is happening?

DoS

A company’s website is taken offline because thousands of infected computers simultaneously flood it with traffic. What is this attack?

DDoS

A rogue Wi-Fi hotspot is set up to trick users into connecting to it, stealing their traffic. What type of threat is this?

Man in the middle

An attacker exploits a vulnerability in a program before the vendor releases a patch. What attack is this?

Zero Day

An attacker sends emails with forged sender addresses to look like they’re from a trusted source. What’s this attack called?

spoofing

An attacker secretly intercepts and modifies communication between a user and a server. What type of attack is this?

An attacker repeatedly tries thousands of passwords to break into an account. What’s this attack method called?

brute force

An attacker uses a dictionary of common words instead of random guesses to crack a password. What attack is this?

dictionary brute force

A trusted employee steals sensitive company data and sells it to competitors. What type of threat is this?

Insider threat

A web application is tricked into executing malicious SQL commands via a login form. What is this vulnerability called?

SQL injection