PrepAway - Latest Free Exam Questions & Answers

Which of the following attacks is being described?

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is
being described?

A. Phishing

B. Tailgating

C. Pharming

D. Vishing

Explanation:
Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized
entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by
voice email, VoIP (voice over IP), or landline or cellular telephone.
The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank
account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to “verify identity”
or to “ensure that fraud does not occur.” If the attack is carried out by telephone, caller ID spoofing can cause the victim’s set to indicate a legitimate source, such
as a bank or a government agency.
Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate customer services, vishing scams are often
outsourced to other countries, which may render sovereign law enforcement powerless.
Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal activity, no matter what the medium or apparent
source. Rather than calling a number given in any unsolicited message, a consumer should directly call the institution named, using a number that is known to be
valid, to verify all recent activity and to ensure that the account information has not been tampered with.
Incorrect Answers:
A: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering
private information that will be used for identity theft.
A phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank
account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page.
Phishing emails are blindly sent to thousands, if not millions, of recipients. By spamming large groups of people, the “phisher” counts on the email being read by a
percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage. In this question, Jane
uses the telephone, so this is an example of vishing rather than phishing. Therefore, this answer is incorrect.
B: Tailgating in IT security would be an unauthorized person following an authorized person into a building or room such as a datacenter. If a building has a card
reader where an authorized person can hold up a card to the reader to unlock the door, someone tailgating could follow the authorized person into the building by
walking through the door before it closes and locks. This is not what is described in the question. Therefore, this answer is incorrect.
C: Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually finance-related) information through domain spoofing. Rather than
being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming ‘poisons’ a DNS server by
infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere. Your browser, however, will show you are at the correct Web
site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows
the scammers to target large groups of people at one time through domain spoofing. This is not what is described in the question. Therefore, this answer is
incorrect.

http://searchunifiedcommunications.techtarget.com/definition/vishing
http://www.webopedia.com/TERM/P/phishing.html
http://www.webopedia.com/TERM/P/pharming.html