An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines
(ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken
place?
A.
Shoulder surfing
B.
Dumpster diving
C.
Whaling attack
D.
Vishing attack
Explanation:
The CCTV camera has recorded people entering their PINs in the ATMs. This is known as shoulder surfing.
Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get
information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, oruse a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent
shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.
Incorrect Answers:
B: Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving
is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn’t limited to searching through the
trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or
organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. This is not what is described in this
question.
Therefore, this answer is incorrect.
C: Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In
general, phishing efforts are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful
positions or job titles. Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar metaphor to the process of scouring
technologies for loopholes and opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful
individuals work or store sensitive data. They may also set up keylogging or other malware on a work station associated with one of these executives. There are
many ways that hackers can pursue whaling, leading C-level or top-level executives in business and government to stay vigilant about the possibility of cyber
threats. This is not what is described in this question. Therefore, this answer is incorrect.
D: Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized
entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by
voice email, VoIP (voice over IP), or landline or cellular telephone.
The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank
account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to “verify identity”
or to “ensure that fraud does not occur.” If the attack is carried out by telephone, caller ID spoofing can cause the victim’s set to indicate a legitimate source, such
as a bank or a government agency. This is not what is described in this question.
Therefore, this answer is incorrect.http://searchsecurity.techtarget.com/definition/shoulder-surfing http://www.techopedia.com/definition/28643/whaling
http://searchunifiedcommunications.techtarget.com/definition/vishing