Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?
A. Spear phishing
Correct Answer: D
Section: Threats and Vulnerabilities
Spam is most often considered to be electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup.
In addition to wasting people’s time with unwanted e-mail, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers.
There is some debate about why it is called spam, but the generally accepted version is that it comes from the Monty Python song, “Spam spam spam spam, spam spam spam spam, lovely spam, wonderful spam”. Like the song, spam is an endless repetition of worthless text. Another school of thought maintains that it comes from the computer group lab at the University of Southern California who gave it the name because it has many of the same characteristics as the lunch meat Spam:
Nobody wants it or ever asks for it.
No one ever eats it; it is the first item to be pushed to the side when eating the entree.
Sometimes it is actually tasty, like 1% of junk mail that is really useful to some people.
The term spam can also be used to describe any “unwanted” email from a company or website — typically at some point a user would have agreed to receive the email via subscription list opt-in — a newer term called graymail is used to describe this particular type of spam.
A: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority. In this question, the emails are trying to sell home loans rather than trying to access confidential data.
B: A hoax is something that makes a person believe that something is real when it is not. In this question, the emails are likely to be genuine in terms of selling home loans.
C: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone.
Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is sent with falsified “From:” entry to try and trick victims that the message is from a friend, their bank, or some other legitimate source. Any email that claims it requires your password or any personal information could be a trick.
In a caller ID attack, the spoofer will falsify the phone number he/she is calling from.
In this question, the emails are likely to be genuine in terms of selling home loans and not from ‘spoofed’ addresses.