
Pharming

teancum144 Member Posts: 229 ■■■□□□□□□□
I ran across a question worded similarly to the following:

Employees receive emails that fraudulently claim to be from the company's security department. The emails ask the employees to sign on to a website to verify passwords and personal information. This is an example of which type of attack?
A. Spam
B. Pharming
C. Man-in-the-middle
D. Vishing

The answer is B, but many sources say Pharming is a DNS (or hosts file) poisoning attack that redirects web traffic. Based on this, I thought the best answer is A.

Thoughts?
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D

Comments

  • ZachB Member Posts: 37 ■■□□□□□□□□
    Sounds like phishing to me.

    Where did you run across this question?
    Currently working on:
    CISSP
    MSFT 70-417
    CCNA
  • Baack Member Posts: 64 ■■□□□□□□□□
    None of those answers seem to apply. Vishing is social engineering over the phone.

    I guess spam would be the only one close

    Pharming is an attacker's attack intended to redirect a website's traffic to another, bogus site. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software.
  • Sharkbait Member Posts: 35 ■■□□□□□□□□
    My understanding of Spam is that it's simply unwarranted advertisements via email. In the question posed, this is the key sentence for me...

    "The emails ask the employees to sign on to a website to verify passwords and personal information."

    As soon as the "Attack" asks the user to provide PII (or click a bogus link), it becomes something more than just Spam.

    -Sharkbait-
  • ZachB Member Posts: 37 ■■□□□□□□□□
    Sharkbait wrote: »
    My understanding of Spam is that it's simply unwarranted advertisements via email. In the question posed, this is the key sentence for me...

    "The emails ask the employees to sign on to a website to verify passwords and personal information."

    As soon as the "Attack" asks the user to provide PII (or click a bogus link), it becomes something more than just Spam.

    -Sharkbait-

    This.

    I'd find different practice exams.
    Currently working on:
    CISSP
    MSFT 70-417
    CCNA
  • PhoneJockey Member Posts: 7 ■□□□□□□□□□
    First time poster, long time observer.

    Currently my work utilizes something called Skillport, which is an online video tutorial of sorts, and they pay for my certifications, of which I am currently taking Security+. There is a pre-exam we must pass before being given the credit voucher for the test center. There is a question phrased like this (granted, the verbiage is not exact, but you'll see where I am going):

    Your manager sent you an email requiring you to go to a website and log into using your credentials. But once you enter your credentials on the link nothing happens. What type of attack is happening?

    1) Spim
    2) Spear phishing
    3) MITM
    4) Phishing


    Naturally I chose phishing but was wrong, and here is the explanation of why. The general explanation given on the study test of phishing was that a general inquiry was sent as bait but the source is foreign and/or a large company or website. However, spear phishing is when the contact is a trusted source. It did not go into the degree of information asked, i.e. password, PINs and such. It was more of an identify-the-source question.

    Pharming is in fact a redirect (HTTP 302) and honestly I would have guessed spam because I get bank spam requesting credentials on my junk accounts a lot. Pharming just does not seem to fit.
  • Darril Member Posts: 1,588
    @teancum144. I echo ZachB's response "I'd find different practice exams." Since you didn't indicate what the explanation of the question was, I'm assuming there wasn't an explanation. If the author of the question did write out the explanation, the flaw becomes apparent.

    A pharming attack redirects a website's traffic to another website and is often done through DNS poisoning. The question doesn't imply any type of redirection.

    Spam is the best answer because spam is unwanted and unsolicited email. Phishing and spear phishing are attacks delivered through spam (they are unwanted and unsolicited).

    If phishing was a possible answer, it would be the BEST answer because it more specifically describes the unwanted email.

    If spear-phishing was a possible answer, it would be the BEST answer because it more specifically describes the unwanted email. It is targeting employees within the company because it appears to come from the company's security department.

    @PhoneJockey. Welcome to the forums. Great first post.
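
Added example, not part of any post in this thread: several comments above describe pharming as redirection through a changed hosts file or poisoned DNS, which is what separates it from the email lure in the question. The sketch below audits a hosts file for entries that pin a watched domain to a fixed address; the watchlist, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the thread); addresses are documentation ranges.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 203.0.113.7 bank.example   (commented out, ignored)
203.0.113.7 bank.example www.bank.example   # injected entry
0.0.0.0     ads.tracker.example
198.51.100.9 Login.Corp.Example
10.0.0.5    intranet.corp.example
not-an-ip   bank.example
"""

# Hypothetical watchlist: names that should only ever be resolved through DNS.
WATCHED = {"bank.example", "login.corp.example"}

def is_watched(host, watched):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line number, kind, host, address) for each suspicious entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], None))
            continue
        for host in fields[1:]:  # one line may carry several names
            if not is_watched(host, watched):
                continue
            # Loopback/unspecified sinks the name; anything else redirects it.
            sink = addr.is_loopback or addr.is_unspecified
            kind = "blocked" if sink else "redirect"
            findings.append((lineno, kind, host.lower(), str(addr)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A "redirect" finding means the local file overrides DNS for that name, which is the hosts-file variant of pharming; it says nothing about poisoning on the DNS server side.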