Which two activities are examples of social engineering? (Choose two)
A. receiving a call from the IT department asking you to verify your username/password to maintain the account
B. receiving an invite to your department’s weekly WebEx meeting
C. sending a verbal request to an administrator to change the password to the account of a user the administrator does know
D. receiving an email from MR requesting that you visit the secure HR website and update your contract information
E. receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same company
I would say A&E.
In another source I read the same question and it says email from HR.
Not sure if they wrote it here as a typo.
What is MR in this context?
I think it is AE. D has you go to the HR web site to update… It does not say that the email provided the web site, so you would be going to a non-hack web site.
A, D is correct, I think,
because A is falsifying and leads to a trap.
D is receiving an email, which can be phishing because it acts as HR and a false URL link can be included in the link to redirect.
E is not correct because the mail which we received is an unexpected email from an unknown person – this mismatches the phishing definition – by looking we can say it is a SPAM/SCAM email, so not phishing.
I think it is A, D .. the key here is (from MR) not HR Email
I would choose A and E (phishing), but D is kind of tricky: if the HR server is compromised it would be an option, but it says Secure Server, although the email requesting to access a website is still phishing.
For reference:
The following are examples of social engineering:
Calling users on the phone claiming to be IT, and convincing them that they need to set their passwords to particular values in preparation for the server upgrade that will take place tonight
An individual without a badge following a badged user into a badge-secured area (“tailgating”)
Leaving a USB key that is infected with silent, Windows Autoplay-initiated malware that “phones home” in a public area
Developing fictitious personalities on social networking sites to obtain and abuse “friend” status
Sending an email enticing a user to click a link to a malicious website (“phishing”)
Visual hacking, where the attacker physically observes the victim entering credentials (such as a workstation login, an ATM PIN, or the combination on a physical lock)
Phishing is a common social engineering technique.
I do believe that “E = possible spam email phishing for information” equals a social engineering attempt.
But “D” is also dodgy…
It says: “Visit the secure HR website and update your CONTRACT information”?? I wish I could update my salary so easily…
If the question says CONTACT, then E is more relevant to a social engineering attempt
Regarding C (sending a verbal request) = the person saying this to you is close to you (the order is not via the phone), hence it cannot be considered as an answer for social engineering.
A and C 😉
It has to be A&E, E = possible spam email phishing for information.
@ Marky
The question is asking for social engineering, hence “E” cannot be considered as an answer.
– Phishing is one of the easiest and most widely used social engineering attacks, where the attackers send spoofed emails