CompTIA Security Plus Mock Test Q720

An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims. This describes which of the following?

A. Spear phishing
B. Phishing
C. Smurf attack
D. Vishing


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular
phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site
with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own
company and generally someone in a position of authority.

Incorrect Answers:
B: Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal rather than a trusted source
such as an individual within the recipient’s own company.
C: A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attack is a type of
DDoS attack; it does not involve the use email messages to gain access to confidential data.
D: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be
a legitimate business, and fools the victim into thinking he or she will profit. Vishing uses verbal communication; it does not involve the use email messages and does not appear to be
from a trusted source such as an individual within the recipient’s own company.

References:
http://searchsecurity.techtarget.com/definition/spear-phishing