PrepAway - Latest Free Exam Questions & Answers

Which of the following attacks has taken place?

A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user’s host:
Old 'hosts' file:
127.0.0.1 localhost
New 'hosts' file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attacks has taken place?


A. Spear phishing

B. Pharming

C. Phishing

D. Vishing

Explanation:
We can see in this question that a fraudulent entry has been added to the user's hosts file. This will point the URL www.comptia.com to 5.5.5.5 instead of the correct IP address.
Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial) information through domain spoofing. Rather than spamming you with malicious and mischievous e-mail requests to visit spoof Web sites that appear legitimate, pharming 'poisons' a DNS server (or hosts file) by infusing false information into it, resulting in a user's request being redirected elsewhere. Your browser, however, will show that you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect.
Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.
Incorrect Answers:
A: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority. In this question, hosts file poisoning is used rather than e-mail. Therefore, this answer is incorrect.
C: Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. A phishing e-mail will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page. In this question, hosts file poisoning is used rather than e-mail. Therefore, this answer is incorrect.
D: Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. In this question, hosts file poisoning is used rather than voice. Therefore, this answer is incorrect.
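
The hosts file change the analyst noticed can be caught automatically by comparing the current file against a known-good baseline. The following is an added example, not part of the original question or explanation; the function names are hypothetical and the sample data is constructed from the two hosts files shown in the question.

```python
import ipaddress

# Constructed sample data mirroring the two hosts files shown in the question.
OLD_HOSTS = "127.0.0.1 localhost\n"
NEW_HOSTS = "127.0.0.1 localhost\n5.5.5.5 www.comptia.com\n"


def parse_hosts(text):
    """Return {hostname: ip}, skipping comments, blanks and malformed lines."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            # Keep the first mapping seen for each name.
            mapping.setdefault(name.lower(), ip)
    return mapping


def suspicious_changes(baseline_text, current_text):
    """List (hostname, ip) pairs that are new or changed versus the baseline
    and point somewhere other than loopback or the unspecified address."""
    baseline = parse_hosts(baseline_text)
    findings = []
    for name, ip in sorted(parse_hosts(current_text).items()):
        if baseline.get(name) == ip:
            continue  # unchanged entry
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries do not redirect to a remote host
        findings.append((name, str(ip)))
    return findings


if __name__ == "__main__":
    for name, ip in suspicious_changes(OLD_HOSTS, NEW_HOSTS):
        print(f"ALERT: hosts file now maps {name} -> {ip}")
```

Each finding still needs a comparison against the name's real DNS answer, because some environments add hosts entries legitimately.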

http://www.webopedia.com/TERM/P/pharming.html
http://searchsecurity.techtarget.com/definition/spear-phishing
http://searchunifiedcommunications.techtarget.com/definition/vishing
http://www.webopedia.com/TERM/P/phishing.html
