Which of the following is a type of phishing attack that specifically targets high-ranking corporate executives?
(Select the best answer.)
A. vishing
B. pharming
C. whaling
D. dumpster diving
Explanation:
Whaling is a type of spear phishing attack used to retrieve sensitive information from high-ranking executives of
a corporation. Phishing is a social engineering technique in which a malicious person uses a seemingly
legitimate electronic communication, such as email or a webpage, in an attempt to dupe a user into submitting
personal information, such as a Social Security number (SSN), account login information, or financial
information. Spear phishing is a form of phishing that targets specific individuals. Spear phishing is considered
whaling when it specifically targets high-ranking executives of a corporation, such as chief executive officers
(CEOs) or chief financial officers (CFOs). To mitigate the effects of a phishing attack, users should use email
clients and web browsers that provide phishing filters. In addition, users should also be wary of any unsolicited
email or web content that requests personal information.
Pharming is another form of phishing that is used to retrieve sensitive information by directing users to fake
websites. Malicious users can direct users to fake websites through Domain Name System (DNS) poisoning or
host file manipulation. Both DNS and host files are used to cross-reference Uniform Resource Locators (URLs)
and IP addresses. When a user specifies a URL, either a DNS server or the local host file converts it to an IP
address so that requests can be forwarded to the correct location. Both a DNS server and a host file can be
altered so that users are directed to websites that appear authentic but instead are used for malicious
information gathering. These phony websites often ask users for passwords or other sensitive information. A
pharming attack is not effective unless a user voluntarily provides information to the website.
Like whaling and pharming, vishing is another form of phishing that is used to obtain sensitive information.
Vishing accomplishes its goal through the use of voice communication networks. Perpetrators of vishing
attacks use a variety of methods to retrieve information. For example, an attacker might spoof phone numbers
of legitimate businesses in order to deceive a victim. An attacker might also use a misleading voice or email
message that instructs the potential victim to contact a phony call center that is masked as a legitimate
business. After telephone communications are established, the perpetrators will attempt to coax sensitive
information from users, such as credit card or bank account numbers.
Dumpster diving is an attack in which malicious users obtain information that has been thrown in the trash.
Dumpster divers seek to recover discarded documents that might contain sensitive information such as account
login credentials, passwords, or bank account numbers. To prevent unauthorized users from obtaining
information from discarded documents, individuals and companies should shred documents containing
confidential data before disposing of such documents.
Trend Micro: whale phishing