A security administrator notices large amounts of traffic within the network heading out to an external website.
The website seems to be a fake bank site with a phone number that when called, asks for sensitive information.
After further investigation, the security administrator notices that a fake link was sent to several users.
Which of the following attacks is this an example of?
Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an
attempt to scam the user into surrendering private information that will be used for identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal information, such
as a password, credit card, social security, or bank account numbers, that the legitimate organization already
has. The website, however, is bogus and set up only to steal the information the user enters on the page.
Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people,
the “phisher” counts on the email being read by a percentage of people who actually have an account with the
legitimate company being spoofed in the email and corresponding webpage.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is
thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.