Social Engineering (including Phishing) - Test Your Knowledge
The easiest way for an attacker to get information from an organization, or an individual, is often through trickery and deceit. This might include the use of e-mails ('phishing'), phone calls ('phone phishing') or even impersonation to trick someone into giving out sensitive information, or giving the attacker access to a secure area.
Take this short quiz to see how well you understand this subject.

Question 1: You're rushing to complete a set of reports on a Friday afternoon when someone from your IT department calls and asks you to tell them about some network settings so that they can fix a fault. Do you:
Give them some of the information but not all of it?
Refuse to give the information over the phone and hang up?
Ask for their number and offer to call them back in a couple of minutes?
Report it as an attack to your security staff?
Question 2: You're approaching a security door at work and you see someone struggling with a pile of files and papers. The person is wearing a photo ID badge, and all of the files are from your organization. What should you do?
Apologize, but refuse to let them in and walk through on your own.
Since they have photo ID, they must be a co-worker so let them in.
It's polite to help, so hold the door open for them.
Question 3: 'Social engineering' and 'identity theft' are just different terms for the same thing.
Question 4: Social engineers will always try to get you to reveal a password. True or False?
Question 5: You receive an e-mail from your bank asking you to visit a page on their website and enter your account details to confirm your identity. Do you:
Ignore the e-mail.
Phone your bank to confirm that's what needs to be done.
Check the URL (address) and - if it's from the bank - do what the e-mail says.