HOTSPOT
Select the appropriate attack from each drop-down list to label the corresponding illustrated attack.
Instructions: Attacks may only be used once, and will disappear from the drop-down list if selected. When you have completed the simulation, please select the Done button to submit.
Hot Area:

Answer: See the explanation.
Wrong answers.
Right answers are:
Whaling
Hoax
Vishing
Spam
Pharming
12
1
Agreed
1
0
1 probably is whaling
spear phishing. In this
attack, the social engineer targets the phishing e-mail specifically toward an individual or associated
group (think “the accounting department of company X”), instead of being generic
enough to target many people at once. In the phishing e-mail, the attacker will often use
information that can be linked to the victims, such as personal information the attacker has
already gathered by some other means.
Whaling is a variant of phishing, where the social engineer sends the phishing e-mail to a
high-value target instead of the masses. Usually, whaling attacks target senior executives
and others in important positions. These types of attacks involve much higher stakes,
because senior personnel in the organization have information that may be considered
more critical and of higher value to an attacker. Like phishing, whaling attacks can deliver
a malicious payload or gather sensitive information.
1
0
On second thought, it probably IS spear phishing, because Whaling usually only applies to a single person like the CEO, but this mentions several people.
It’s just semantics.
0
0
This site (https://www.lifewire.com/what-is-whaling-2483605) uses the plural “executives” when describing who is attacked in a Whaling attack, so I think Whaling is probably correct, however it caveats it with:
“Note: Spear phishing is a phishing attack against someone specific, like an individual or company. Therefore, whaling may also be considered spear phishing.”
So if all these peeps are in the same company, then Spear Phishing is definitely a plausible answer….
0
0
Spear Phishing targets a specific “group”
0
0
I don’t think it has anything to do with individuals or groups.
I think the key to understanding ‘spear phishing’ is to focus on the attacker versus the target. In ‘spear phishing’ the attacker pretends to be someone the target knows and trusts.
In ‘whaling’ the target is a specific key figure/s. So whaling can be considered either phishing or spear phishing attacks depending on whether the attacker pretends to be someone who knows the target (phishing) or pretends to be someone the target knows and trusts (spear phishing).
So I think the answer is ‘whaling’ because it doesn’t mention that the attacker is pretending to be someone the target knows.
0
0
With these exam questions it’s a common tactic to throw in a potential answer that is plausible but not the “best” answer. Given that whaling IS a type of Spear Phishing, and the attack vector clearly states the attacker is using confidential information in the attack, the combination of these two facts (attacker using confidential info, to high level execs) IS the textbook definition of Whaling. Never mind that Whaling is a type of Spear Phishing, of the two possibilities Whaling is more accurate.
Per Wikipedia (almost verbatim what the question describes):
Whaling. The term whaling has been coined for spear phishing attacks directed specifically at senior executives and other high-profile targets.
0
0
Wouldn’t 4 be phishing, and not spam?
0
0
I wouldn’t think so, Emily. Phishing is malicious, and this just states that people have opted out of advertisements and they are still receiving them. Like all those ads for crap you get in your inbox (or SPAM folder).
2
0