Which of the following attacks targets high level executives to gain company information?
A.
Phishing
B.
Whaling
C.
Vishing
D.
Spoofing
Explanation:
Whaling is a specific kind of malicious hacking within the more general category of phishing, which
involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on
collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or
others in powerful positions or job titles.
Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar
metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those
who are engaged in whaling may, for example, hack into specific networks where these powerful
individuals work or store sensitive data. They may also set up keylogging or other malware on a work
station associated with one of these executives. There are many ways that hackers can pursue whaling,
leading C-level or top-level executives in business and government to stay vigilant about the possibility of
cyber threats.
Incorrect Answers:
A: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into surrendering private information that will be used for
identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal information,
such as a password, credit card, social security, or bank account numbers, that the legitimate organization
already has. The website, however, is bogus and set up only to steal the information the user enters on
the page.
Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of
people, the “phisher” counts on the email being read by a percentage of people who actually have an
account with the legitimate company being spoofed in the email and corresponding webpage.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait
is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Phishing is not specifically targeted toward high-level executives.
C: Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into
revealing critical financial or personal information to unauthorized entities. Vishing works like phishing
but does not always occur over the Internet and is carried out using voice technology. A vishing attack can
be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone.
The potential victim receives a message, often generated by speech synthesis, indicating that suspicious
activity has taken place in a credit card account, bank account, mortgage account or other financialservice in their name. The victim is told to call a specific telephone number and provide information to
“verify identity” or to “ensure that fraud does not occur.” If the attack is carried out by telephone, caller
ID spoofing can cause the victim’s set to indicate a legitimate source, such as a bank or a government
agency.
Vishing is not specifically targeted toward high-level executives.
D: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource
locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone.
Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is
sent with falsified “From:” entry to try and trick victims that the message is from a friend, their bank, or
some other legitimate source. Any email that claims it requires your password or any personal
information could be a trick.
Spoofing is not specifically targeted toward high-level executives.http://www.webopedia.com/TERM/P/phishing.html
http://searchunifiedcommunications.techtarget.com/definition/vishing