Silvestre, Angelica Activity2
BSCPE 3-1
Questions:
What is baiting? Did you click on the USB drive? What happened to the victim’s system?
Baiting is a kind of attack where a social engineer will use a false promise or reward
to trap victims and steal their sensitive information by infecting their system with malware. Baits
are very attractive and enticing, not to mention manipulative, and their end goal is to infect your
system and gain access to personal information. If I click on the USB drive, malware will be
automatically installed on my computer system.
What is Shoulder Surfing? What device was used to perform the shoulder surfing? What
information was gained?
Shoulder surfing is the term used to describe one person observing another person’s
computer or mobile device screen and keyboard to obtain sensitive information. Direct
observation can be done by simply looking over someone’s shoulder – hence shoulder surfing –
or using binoculars, video cameras (hidden or visible), and other optical devices. Typically, the
objective of shoulder surfing is to view and steal sensitive information like username and
password combinations that can be later used to access a user’s account. Credit card numbers,
personal identification numbers (PINs), and sensitive personal information used in response to security
questions (like middle name and birth date used for password recovery) are also targeted.
What is Pretexting? What type of information did the cybercriminal request? Would you
fall victim?
Questions:
In this phishing example, what is the ploy the attacker uses to trick the victim into visiting the
trap website? What is the trap website used to do?
Phishing is the practice of sending fraudulent communications that appear to
come from a reputable source. It is usually performed through email. In this attack, the attacker
creates a website that is virtually identical to the legitimate website of a business the victim uses,
such as a bank. When the user visits the page through whatever means, be it an email phishing
attempt, a hyperlink inside a forum, or via a search engine, the victim reaches a trap website
which they believe to be the legitimate site instead of a fraudulent copy.
What is the difference between phishing and spear phishing or whaling?
While phishing schemes are typically mass mailings, spear phishing is a more targeted
and customized attack. The bad guys will do a little research and find out specific information
about the target. It may be from the company website, social media, financial reports, or industry
sources. With the information in hand, they will customize an email to make it appear more
legitimate. Meanwhile, whaling is a form of spear phishing aimed at “whales” at the top of the
food chain. Whaling targets CEOs, CFOs, and other high-level executives. This type of
cyber-attack is big business for the hackers.
Step 3: Explore Scareware and Ransomware
Questions:
What data does the attacker claim to have in this example? Would you fall for this
deception?
The attacker claims to have the victim’s confidential information such as logins and bank
details. If this happens to me, I might not fall for this if I know that I don’t click on any unknown emails
or sites and also if I don’t give out any information about myself.
What is the attacker requesting the victim do to get the data back?
The attacker demands that the victim pay a ransom to get the data back, restricting access to the
infected device or threatening legal action.
What is tailgating?