Which of the following phishing techniques is most likely to occur as a result of DNS poisoning? (Select the
best answer.)

A.
vishing

B.
pharming

C.
whaling

D.
dumpster diving

Explanation:
Pharming is the phishing technique that is most likely to occur as a result of Domain Name System (DNS)
poisoning. Phishing is a social engineering technique in which a malicious person uses a seemingly legitimate
electronic communication, such as email or a webpage, in an attempt to dupe a user into submitting personal
information, such as a Social Security number (SSN), account login information, or financial information.
Pharming is used to retrieve sensitive information by directing users to fake websites. Malicious users can
direct users to fake websites through DNS poisoning or host file manipulation. Both DNS and host files are
used to crossreference Uniform Resource Locators (URLs) and IP addresses. When a user specifies a URL,
either a DNS server or the local host file converts it to an IP address so that requests can be forwarded to the
correct location. Both a DNS server and a host file can be altered so that users are directed to websites that
appear authentic but instead are used for malicious information gathering. These phony websites often ask
users for passwords or other sensitive information. A pharming attack is not effective unless a user voluntarily
provides information to the website.
Whaling is a type of spear phishing attack used to retrieve sensitive information from highranking executives of
a corporation. Spear phishing is a form of phishing that targets specific individuals. Spear phishing is
considered whaling when it specifically targets highranking executives of a corporation, such as chief executive
officers (CEOs) or chief financial officers (CFOs). To mitigate the effects of a phishing attack, users should use
email clients and web browsers that provide phishing filters. In addition, users should also be wary of any
unsolicited email or web content that requests personal information.
Like whaling and pharming, vishing is another form of phishing that is used to obtain sensitive information.
Vishing accomplishes its goal through the use of voice communication networks. Perpetrators of vishing
attacks use a variety of methods to retrieve information. For example, an attacker might spoof phone numbers
of legitimate businesses in order to deceive a victim. An attacker might also use a misleading voice or email
message that instructs the potential victim to contact a phony call center that is masked as a legitimate
business. After telephone communications are established, the perpetrators will attempt to coax sensitive
information from users, such as credit card or bank account numbers.
Dumpster diving is an attack in which malicious users obtain information that has been thrown in the trash.
Dumpster divers seek to recover discarded documents that might contain sensitive information such as account
login credentials, passwords, or bank account numbers. To prevent unauthorized users from obtaining
information from discarded documents, individuals and companies should shred documents containing
confidential data before disposing of such documents.

Cisco: Protect Against Social Engineering: Security Awareness Is a Vital Defense