23 Jun Practice Test Question-Social Engineering
Fran received a call from her company’s help desk supervisor telling her that customers were receiving email messages informing them of a special promotion available for a limited time. Upon investigating these messages, Fran learned that they were sent by an attacker who somehow gained possession of her organization’s customer list. What term best describes this attack?
C. Spear Phishing
Correct Answer: C
We can eliminate prepending as an answer option because prepending attacks add prefixes to existing email addresses and other identifiers, and this isn’t mentioned here. Pharming attacks trick users into visiting a malicious website, so that isn’t correct either. This is definitely a phishing attack, because it is soliciting sensitive information from customers over email. That leaves us with two possibilities: whaling and spear phishing. This attack is best described as a spear phishing attack because it was not sent blindly to many recipients but rather targeted at individuals who are actually customers of the company. Whaling attacks work in a similar way but target senior executives.