Vishing Attack: Definition, Detection, and Prevention

Vishing Attack

Question

Which event is a vishing attack?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

C.

https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html#~types-of-phishing-attacks

A vishing attack is a type of social engineering attack that involves a cybercriminal using voice communication to trick their victim into divulging sensitive information or performing an action that compromises their security. The correct answer to this question is C. impersonating a tech support agent during a phone call.

In a vishing attack, the attacker may pose as a trusted authority figure, such as a representative from a bank, a tech support agent, or a government agency. The attacker will use various tactics to gain the victim's trust, such as using official-sounding language, providing a plausible reason for their call, or claiming to have knowledge of the victim's personal information.

Once the attacker has gained the victim's trust, they will then attempt to obtain sensitive information from them, such as login credentials, credit card numbers, or personal identification information (PII). They may also try to convince the victim to perform an action that could compromise their security, such as downloading malware or granting remote access to their computer.

Option A, obtaining disposed documents from an organization, is not a vishing attack. It is an example of an information security breach that could result from improper disposal of sensitive information.

Option B, using a vulnerability scanner on a corporate network, is not a vishing attack either. It is a method used by security professionals to identify vulnerabilities in a network or system that could be exploited by attackers.

Option D, setting up a rogue access point near a public hotspot, is an example of a wireless attack. It involves an attacker creating a fake wireless network that looks legitimate in order to steal login credentials or other sensitive information from unsuspecting victims who connect to it. However, this is not a vishing attack, as it does not involve voice communication.