PrepAway - Latest Free Exam Questions & Answers


A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that, when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?


A. Vishing

B. Phishing

C. Whaling

D. SPAM

E. SPIM

Explanation:
Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
A phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page.
Phishing emails are blindly sent to thousands, if not millions, of recipients. By spamming large groups of people, the “phisher” counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Incorrect Answers:

A: Vishing is the telephone equivalent of phishing. Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer calls the victim, usually pretending to be a legitimate business, and fools the victim into thinking he or she will profit. The question states that a fake link was sent to several users (probably by email). Therefore, this is not the correct answer.
C: Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles. Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful individuals work or store sensitive data. They may also set up keylogging or other malware on a workstation associated with one of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level executives in business and government to stay vigilant about the possibility of cyber threats. The question states that a fake link was sent to several users (probably by email). As the email was sent to general users rather than upper management, this is not the correct answer.
D: Spam is most often considered to be electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup.
In addition to wasting people’s time with unwanted email, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers. Spam is usually marketing for legitimate businesses, not fake imitation websites. Therefore, this is not the correct answer.
E: SPIM is a term sometimes used to refer to spam over IM (Instant Messaging). It’s also called just spam, instant spam, or IM marketing. No matter what the name, it consists of unwanted messages transmitted through some form of instant messaging service, which can include Short Message Service (SMS). The question states that a fake link was sent to several users (probably by email). Therefore, this is not the correct answer.


