Purchasing receives an automated phone call from a bank asking to input and verify credit card
information. The phone number displayed on the caller ID matches the bank. Which of the
following attack types is this?

A.
Hoax

B.
Phishing

C.
Vishing

D.
Whaling

Explanation:
Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into
revealing critical financial or personal information to unauthorized entities. Vishing works like
phishing but does not always occur over the Internet and is carried out using voice technology. A
vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular
telephone.
The potential victim receives a message, often generated by speech synthesis, indicating that
suspicious activity has taken place in a credit card account, bank account, mortgage account or
other financial service in their name. The victim is told to call a specific telephone number and
provide information to “verify identity” or to “ensure that fraud does not occur.” If the attack is
carried out by telephone, caller ID spoofing can cause the victim’s set to indicate a legitimate
source, such as a bank or a government agency.

Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore,
like many legitimate customer services, vishing scams are often outsourced to other countries,
which may render sovereign law enforcement powerless.
Consumers can protect themselves by suspecting any unsolicited message that suggests they are
targets of illegal activity, no matter what the medium or apparent source. Rather than calling a
number given in any unsolicited message, a consumer should directly call the institution named,
using a number that is known to be valid, to verify all recent activity and to ensure that the account
information has not been tampered with.