Which of the following types of attacks entices a user to disclose personal information such as social
security number, bank account details, or credit card number?

A.
Password guessing attack

B.
Spoofing

C.
Phishing

D.
Replay attack

Explanation:

Phishing is a type of scam that entice a user to disclose personal information such as social security
number, bank account details, or credit card number. An example of phishing attack is a fraudulent
e-mail that appears to come from a user’s bank asking to change his online banking password. When
the user clicks the link available on the e-mail, it directs him to a phishing site which replicates the
original bank site. The phishing site lures the user to provide his personal information.
Answer option B is incorrect. Spoofing is a technique that makes a transmission appear to have
come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing,
a hacker modifies packet headers by using someone else’s IP address to his identity. However,
spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source
IP address causes the responses to be misdirected.
Answer option D is incorrect. Replay attack is a type of attack in which attackers capture packets
containing passwords or digital signatures whenever packets pass between two hosts on a network.

In an attempt to obtain an authenticated connection, the attackers then resend the captured packet
to the system.
Answer option A is incorrect. A password guessing attack occurs when an unauthorized user tries to
log on repeatedly to a computer or network by guessing usernames and passwords. Many password
guessing programs that attempt to break passwords are available on the Internet. Following are the
types of password guessing attacks:
Brute force attack
Dictionary attack
Reference: “http://en.wikipedia.org/wiki/Phishing”