A user in the finance department receives a phone call from someone claiming to be the Chief Financial Officer. The caller is asking the user to approve a funds transfer for a recently awarded contract. Which of the following attacks is occurring?
Whaling is the type of attack occurring in this scenario.
Whaling refers to phishing attacks that specifically target high-profile individuals, such as executives, to deceive employees into divulging sensitive information or authorizing transactions. In this case, the caller impersonates the Chief Financial Officer to manipulate the finance department employee into approving a funds transfer.
Vishing, or voice phishing, involves using phone calls to trick individuals into revealing personal or financial information. While this scenario involves a phone call, the specific targeting of a high-ranking executive makes it a whaling attack rather than a general vishing attack.
Whaling specifically targets high-level executives and individuals within an organization, exploiting their authority and trust. The impersonation of the Chief Financial Officer in this situation indicates that the attack is aimed at deceiving an employee into performing an unauthorized action, characteristic of whaling tactics.
An insider threat involves individuals within an organization who misuse their access to information or systems for malicious purposes. In this scenario, there is no indication that an internal employee is acting maliciously; rather, the threat comes from an external impersonator.
An evil twin attack involves creating a fraudulent Wi-Fi network that mimics a legitimate one to intercept data from unsuspecting users. This scenario does not involve Wi-Fi networks or data interception, making it irrelevant to the situation described.
The scenario illustrates a classic whaling attack, where a caller pretends to be a high-ranking executive to manipulate an employee into authorizing a funds transfer. This tactic relies on exploiting the trust associated with positions of authority, distinguishing it from other forms of social engineering like vishing, insider threats, or evil twin attacks. Understanding these distinctions is crucial for safeguarding organizational assets against sophisticated phishing threats.