Question

Which statement is true of phishing?

	a.	It consists of self-propagating program code that is triggered by a specified time or event.
	b.	It prevents the disclosure of information to anyone who is not authorized to access it.
	c.	It involves sending fraudulent e-mails that seem to come from legitimate sources.
	d.	It involves monitoring and recording keystrokes.

Answer 1

Ans. c. It involves sending fraudulent e-mails that seem to come from legitimate sources

Phishing is a kind of fraudulent attempt that may be committed to obtaining sensitive information (like passwords, credit card information and usernames). It is generally carried out through electronic communication modes like email and IM or instant messaging. The attacker/hacker tries to establish as a trustworthy entity through the communication and may require the victim to enter personal/sensitive information on a fake website. This fake website may also match a genuine website (for instance a fake website for Amazon may be created for the theft, by a fraud committer). Countries of the world have legislation, public awareness campaigns, user training processes, and technical/cybersecurity measures in place for preventing phishing. However, users should not be greedy and should examine the email and other communications carefully. Phishing usually takes 3 forms.

Spear phishing- a phishing attempt directed at a specific user, company or individual. It is the opposite of bulk phishing.

Whaling- it is a kind of spear-phishing attack which tries to defraud senior and top executives or any other target of high repute/profile.

Clone phishing- here the clone of a legitimate email/link/address/personal information is cloned by the attacker to defraud users.