Quiz: Prevent phone phishing scams

1. Answer: d. 60%
Another report from RSA Cyota, a division of Bedford, Mass.-based RSA Security Inc., backed MessageLab's findings that an increasing number of phishing attacks are targeting banks outside the U.S. … But while attacks in other countries are on the rise, RSA Cyota found that the U.S. still hosts almost 60% of all phishing attacks.

To learn how phishing attacks have steadily grown more aggressive and sophisticated since the start of the year, read this news article.

2. Answer: c. As phone phishing evolves, attackers will most likely borrow ideas from pharming attacks.
In the near future, the stakes for enterprises might rise even higher, as phone phishers begin to borrow another idea from traditional phishing, namely spear phishing.

To learn about phone phishing attacks, read our Threat Monitor tip, or listen to this tip on your iPod or other MP3 player.

3. Answer: c. 80%
At West Point in 2004, teacher and National Security Agency expert Aaron Ferguson sent out a message to 500 cadets asking them to click a link to verify grades. Ferguson's message appeared to come from a Colonel Robert Melville of West Point. Over 80% of recipients clicked the link in the message; in response they received a notification that they'd been duped and warning that their behavior could have resulted in downloads of spyware, Trojan horses, and/or other malware.

To learn how spear phishing attacks work, read our glossary definition.

4. Answer: b. VAM
SPIT (spam over Internet telephony), sometimes known as vam (voice or VoIP spam), is unsolicited bulk messages broadcast over VoIP.

To learn more about SPIT/VAM, read our glossary definition.

5. Answer: False
Less-sophisticated spear phishers often use ready-made Trojan programs to launch their attacks. Organizations with robust, multi-level AV and antispyware defenses (at the perimeter and the desktop) will be able to deflect these targeted "spears." Serious spear phishers, on the other hand, are harder to stop. They typically use spyware to solicit a targeted attack and customized spears that do not trigger perimeter and desktop alarms. Unfortunately, we should expect to see an increase in these attacks because toolkits have made the production of customized Trojans easier and as a result, cheaper.

To learn how to prevent spear phishing attacks, read this tip.

This was last published in June 2006

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.