PrepAway - Latest Free Exam Questions & Answers

Which of the following BEST describes this attack?

The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one
else received the voice mail. Which of the following BEST describes this attack?

A. Whaling

B. Vishing

C. Spear phishing

D. Impersonation

Explanation:
Whaling is a specific kind of malicious hacking within the more general category of phishing, which
involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on
collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or
others in powerful positions or job titles.
Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar
metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those
who are engaged in whaling may, for example, hack into specific networks where these powerful
individuals work or store sensitive data. They may also set up keylogging or other malware on a
workstation associated with one of these executives. There are many ways that hackers can pursue whaling,
leading C-level or top-level executives in business and government to stay vigilant about the possibility of
cyber threats.
Incorrect Answers:
B: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private
information that will be used for identity theft. The scammer usually pretends to be a legitimate business,
and fools the victim into thinking he or she will profit. A voice mail was used in this question, not a
telephone conversation.
C: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking
unauthorized access to confidential data. As with the e-mail messages used in regular phishing
expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually
appear to come from a large and well-known company or Web site with a broad membership base, such
as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be
an individual within the recipient’s own company and generally someone in a position of authority. The
attack described in this question is not an example of spear phishing.
D: Impersonation is where a person, computer, software application or service pretends to be someone
it’s not. Impersonation is commonly used non-maliciously in client/server applications. However, it can
also be used as a security threat. The attack described in this question is not an example of
impersonation.

http://www.techopedia.com/definition/28643/whaling
http://www.webopedia.com/TERM/V/vishing.html
http://searchsecurity.techtarget.com/definition/spear-phishing

