An executive from ABC Corp receives an email from a vice president of XYZ Corp, which is a prestigious partner organization of ABC Corp. This email was formatted using XYZ's corporate logo, images, and text from their website (checked by the executive before opening the included form). After clicking the provided link, the executive was asked to verify his credentials for access to a confidential report about ABC Corp, but after he filled out the form, the executive received only a referral to XYZ's site. What type of attack was used in this scenario?
a. Phishing
b. Smishing
c. Vishing
d. Spear phishing
Answer: D
This is an example of a spear phishing attack, which uses fraudulent email to obtain access to data of value (here, the executive's credentials) from a targeted organization. Answer A is incorrect because, while phishing attacks also involve email, spear phishing attacks are customized to a selected target. The images, links, and report described in the question all indicate a very targeted attack. Answer B is incorrect because smishing attacks are conducted using SMS messages. Answer C is similarly incorrect because vishing attacks employ telephone or VoIP audio communications.