Phishing vs Hoax. Do I have the difference correctly identified?

Sharkbait Member Posts: 35
These seem to be very close in definition. So close that I can see this as being a question on the test. Both phishing and hoaxes come from an email source. They both want to force the victim to do something they wouldn't otherwise do. The difference is that a hoax will encourage the victim to do something bad to their machine (delete files, or corrupt drivers or something). The phishing will convince the user to divulge personal information to be used against them later.

Does that sound close enough?



  • Darril Member Posts: 1,588
    That does sound close enough for the Security+ exam.

    One difference is that *all* phishing comes from email, but *all* hoaxes don't necessarily come from email. Some hoaxes are spread through social forums like Facebook.

    Also, phishing has morphed and often tries to get someone to click on a link. An unprotected machine can be infected by a "drive-by" download if the recipient clicks on the link. When the unprotected machine visits the malicious site, the malicious site attempts to download and install malware on the user's system.

    A recent trend I've been seeing is that attackers are farming names and email addresses from social networks. They then impersonate your friends with a phishing email. For example, I recently received an email with a friend's name in the from field and the comment "Awesome article" and a malicious link. However, when I looked at the actual originating email address, it wasn't from my friend. The attackers created an email account and used my friend's name as the display name.

    Hope this helps.
  • thegoodbye Member Posts: 94
    I'd also like to add that hoaxes don't always involve attacking your computer. Sometimes they only want to get you to believe something that isn't true (e.g. xxxx celebrity has died).
  • jinbako Member Posts: 12
    The main difference is that phishing is an attempt to obtain information from someone by tricking them.
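
Added example, not part of any post in this thread: a check for the display-name impersonation Darril describes, where the From field shows a friend's name but the originating address is not the friend's. The address book, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: normalized display name -> addresses known for that contact.
KNOWN_CONTACTS = {
    "alex rivera": {"alex.rivera@example.org"},
}

# Constructed sample messages (headers plus a short body).
SAMPLES = [
    "From: Alex Rivera <alex.rivera@example.org>\nSubject: lunch\n\nhi",
    'From: "Alex  Rivera" <ar8841@mail.example.net>\n'
    "Subject: Awesome article\n\nhttp://placeholder.invalid/",
    "From: Newsletter <news@example.com>\nSubject: weekly\n\nhello",
]


def normalize(name):
    """Lower-case and collapse whitespace so 'Alex  Rivera' equals 'alex rivera'."""
    return " ".join(name.lower().split())


def check_from(raw_message, contacts=KNOWN_CONTACTS):
    """Return (verdict, display_name, address) for the message's From header."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if not addr:
        return ("unparseable", display, addr)
    known = contacts.get(normalize(display))
    if known is None:
        # Display name is not one of our contacts: nothing to compare against.
        return ("unknown-sender", display, addr)
    if addr in known:
        return ("match", display, addr)
    # A contact's name paired with an address we have never seen for them.
    return ("display-name-mismatch", display, addr)


def triage(messages):
    """Return only the messages whose display name impersonates a known contact."""
    results = [check_from(m) for m in messages]
    return [r for r in results if r[0] == "display-name-mismatch"]


if __name__ == "__main__":
    for verdict, display, addr in map(check_from, SAMPLES):
        print(f"{verdict:22} {display!r} <{addr}>")
```

The comparison only looks at the From header, which is what a mail client shows the recipient; it does not replace sender authentication performed by the mail server.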