Potential Spear Phishing Scams

Identifying Potential Spear Phishing Scams

Prev Question Next Question

Question

Which activities could be considered a potential spear phishing scam? (Choose three.)

Answers

A. Members of a religious organization receive a donation request by email claiming to be from their leader.

B. Payroll receives an external email from an employee looking to update their bank account information.

C. A courier delivers a business a duplicate invoice that contains updated payment details of an existing supplier.

D. An employee receives an email that asks to download an attachment, but the attachment is a malware.

E. An employee receives a phone call requesting that money be sent to assist someone in trouble.

F. A business sends its employees an email warning that email passwords must be changed to prevent cyber-fraud.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F.

BCF

Spear phishing is a form of phishing that targets a specific individual or group, typically using social engineering techniques to manipulate the target into divulging sensitive information or performing a specific action. The objective of a spear phishing scam is to trick the victim into believing that the communication is legitimate, in order to gain access to sensitive data or to commit financial fraud.

Based on this definition, the activities that could be considered a potential spear phishing scam are:

A. Members of a religious organization receive a donation request by email claiming to be from their leader.

This scenario involves a social engineering technique known as pretexting, where the attacker impersonates a trusted individual or entity to gain the victim's trust. In this case, the attacker is posing as the leader of the religious organization to solicit donations. The email may include a link to a fake website or a request for sensitive information such as credit card details.

B. Payroll receives an external email from an employee looking to update their bank account information.

This scenario involves a social engineering technique known as phishing, where the attacker impersonates a trusted individual or entity to gain access to sensitive information. In this case, the attacker is posing as an employee and requesting that their bank account information be updated. The email may include a link to a fake website or a request for login credentials.

D. An employee receives an email that asks to download an attachment, but the attachment is a malware.

This scenario involves a social engineering technique known as baiting, where the attacker entices the victim to perform a specific action by offering something of value. In this case, the attacker is offering an attachment that appears to be legitimate, but is actually malware. Once the victim downloads and opens the attachment, their computer is infected with the malware, which can then be used to steal sensitive data or commit financial fraud.

In summary, the three activities that could be considered a potential spear phishing scam are A, B, and D. It is important to note that spear phishing attacks can take many different forms and may involve a variety of social engineering techniques. To protect against spear phishing scams, it is important to be vigilant and to follow best practices for cybersecurity, such as avoiding clicking on links or opening attachments from unknown sources, and verifying the authenticity of communications before providing sensitive information.

Prev Question Next Question