Which of the following is a type of phishing attack that specifically targets high-ranking corporate executives? (Select the best answer.)
- dumpster diving
Whaling is a type of spear phishing attack used to retrieve sensitive information from high-ranking executives of a corporation. Phishing is a social engineering technique in which a malicious person uses a seemingly legitimate electronic communication, such as email or a webpage, in an attempt to dupe a user into submitting personal information, such as a Social Security number (SSN), account login information, or financial information. Spear phishing is a form of phishing that targets specific individuals. Spear phishing is considered whaling when it specifically targets high-ranking executives of a corporation, such as chief executive officers (CEOs) or chief financial officers (CFOs). To mitigate the effects of a phishing attack, users should use email clients and web browsers that provide phishing filters. In addition, users should be wary of any unsolicited email or web content that requests personal information.
Pharming is another form of phishing that is used to retrieve sensitive information by directing users to fake websites. Malicious users can direct users to fake websites through Domain Name System (DNS) poisoning or host file manipulation. Both DNS and host files are used to cross-reference Uniform Resource Locators (URLs) and IP addresses. When a user specifies a URL, either a DNS server or the local host file converts it to an IP address so that requests can be forwarded to the correct location. Both a DNS server and a host file can be altered so that users are directed to websites that appear authentic but instead are used for malicious information gathering. These phony websites often ask users for passwords or other sensitive information. A pharming attack is not effective unless a user voluntarily provides information to the website.
Like whaling and pharming, vishing is another form of phishing that is used to obtain sensitive information. Vishing accomplishes its goal through the use of voice communication networks. Perpetrators of vishing attacks use a variety of methods to retrieve information. For example, an attacker might spoof phone numbers of legitimate businesses in order to deceive a victim. An attacker might also use a misleading voice or email message that instructs the potential victim to contact a phony call center that is masked as a legitimate business. After telephone communications are established, the perpetrators will attempt to coax sensitive information from users, such as credit card or bank account numbers.
Dumpster diving is an attack in which malicious users obtain information that has been thrown in the trash. Dumpster divers seek to recover discarded documents that might contain sensitive information such as account login credentials, passwords, or bank account numbers. To prevent unauthorized users from obtaining information from discarded documents, individuals and companies should shred documents containing confidential data before disposing of such documents.