Ethical 12b Flashcards
Which antiphishing tool is an enterprise-level solution that installs phishing sweeper clients throughout an organization?
Phishing Sweeper
Besides using decimal IP addresses, what other formats can an attacker use to trick a user into visiting an IP address by way of URL?
Octal Hexadecimal Dword
What two online services can be used to provide a shortened third-party URL link to a phishing web page?
smallurl.com tinurl.com
A large enterprise-sized client has asked you to provide software that will work throughout their domain to counter the threat of phishing attacks by managing workstation behavior and providing a centralized monitoring capability. What anti-phishing software should you use?
Phishing Sweeper
A user has come to you and indicated that their corporate credit card was compromised after the user attempted to check the balance on the card. The user says that he clicked a link on a 3rd party web page that appeared to be legitimate, but actually lead to a phishing site. What most likely occurred?
A phisher utilized content injection to make the site appear legitimate.
Which of the following might be considered an antiphishing technique?
entering a URL in a browser manually
What statement accurately describes how attackers exploit the use of IRC and instant messaging applications for phishing attempts?
Bots are utilized in popular channels and on popular applications to send fake information to many potential victims all at once.
What type of social engineering attack tricks users with offers of money or other inducements in order to get users to give them personal information?
Phishing
In malware-based phishing, what technique can be used to redirect legitimate URLs to a malicious address?
Hosts File Poisoning
You are planning to perform content-injection phishing in order to grab login information from your client’s users in order to demonstrate a vulnerability on their network. What statements describe actual means by which you could perform this attack?
Legitimate content can be replaced by malicious content through the use of a security vulnerability on the client’s web servers.
Create a phishing site, compromise a single user’s PC, and then use their corporate contact list to spread the phishing site throughout the client’s domain.
Which type of phishing attack involves friendly login URLs, host name obfuscation, or bad domain names?
URL obfuscation
Which of the following is a reason for successful phishing?
lack of knowledge
According to Kaspersky Lab’s Spam Statistics Report Q2 2013, which country had the highest percentage of phishing attacks?
China
What is the first step that is performed when building a successful phishing site?
Register a fake domain name.
Which type of phishing attack makes use of a proxy server?
Man-in-the-Middle Attacks
