Phishing Detection Techniques | Exam SY0-601: CompTIA Security+

CompTIA Security+ Exam SY0-601: Phishing Detection Techniques


Question

Joe, an employee, receives an email stating he won the lottery.

The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize.

Which of the following BEST describes this type of email?

A. Spear phishing

B. Whaling

C. Phishing

D. Vishing

Answer: C.

Explanations

The email described in the question is an example of phishing, which is the attempt to trick someone into providing sensitive information, such as login credentials or personal details, by disguising the email as a legitimate communication from a trustworthy source.

Phishing emails often use social engineering techniques to create a sense of urgency or fear in the recipient, encouraging them to act quickly without thinking critically. In this case, the email claims that Joe has won the lottery and includes a link that asks for his personal information to confirm his identity before receiving the prize.

Spear phishing is a more targeted form of phishing that involves tailoring the message to a specific individual or group, often using information obtained from public sources or social media. Whaling is a type of spear phishing that targets high-level executives or other individuals with access to valuable information. Vishing, on the other hand, is a form of phishing that uses voice communication, such as phone calls or voicemails, to trick the recipient into revealing sensitive information. The lottery email is a generic lure that is not tailored to Joe or his role, and it arrives by email rather than by voice, so none of these three options fits as well as plain phishing.

Overall, the best course of action when receiving a suspicious email is to avoid clicking on any links or downloading any attachments, and to report the email to the appropriate authorities or IT department.