A security administrator notices large amounts of traffic within the network heading out to an
external website. The website seems to be a fake bank site with a phone number that when called,
asks for sensitive information. After further investigation, the security administrator notices that a
fake link was sent to several users. This is an example of which of the following attacks?

A.
Vishing

B.
Phishing

C.
Whaling

D.
SPAM

E.
SPIM

Explanation:
Phishing is the act of sending an email to a user falsely claiming to be an established legitimate
enterprise in an attempt to scam the user into surrendering private information that will be used for
identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal
information, such as a password, credit card, social security, or bank account numbers, that the
legitimate organization already has. The website, however, is bogus and set up only to steal the
information the user enters on the page.
Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large
groups of people, the “phisher” counts on the email being read by a percentage of people who
actually have an account with the legitimate company being spoofed in the email and
corresponding webpage.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being
that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into
biting.