Which statement is true of phishing?
a.
It consists of self-propagating program code that is triggered by a specified time or event.
b.
It prevents the disclosure of information to anyone who is not authorized to access it.
c.
It involves sending fraudulent e-mails that seem to come from legitimate sources.
d.
It involves monitoring and recording keystrokes.
The correct answer and explanation is :
The correct answer is:
c. It involves sending fraudulent e-mails that seem to come from legitimate sources.
Explanation:
Phishing is a form of cyber attack that involves tricking individuals into revealing sensitive information such as usernames, passwords, credit card details, and other personal data by pretending to be a trusted entity. The primary method used in phishing is fraudulent emails or messages that look like they are from legitimate sources such as banks, online services, or even colleagues. These emails typically contain links to fake websites designed to capture sensitive information.
Phishing works by exploiting human vulnerabilities rather than technological weaknesses. Attackers often create emails that appear legitimate, using tactics like mimicking official logos, urgent language, or familiar sender addresses to create a sense of authenticity. The email may ask the recipient to click on a link that leads to a counterfeit website designed to harvest login credentials or other sensitive data. Sometimes, these emails may contain attachments or links that, when clicked, infect the user’s computer with malware or ransomware.
Phishing is not limited to emails alone; it can also occur through text messages (SMS phishing or “smishing”), social media, or even phone calls (voice phishing or “vishing”). Regardless of the medium, the goal is the same: to deceive the target into providing personal information or downloading malicious software.
The other options listed are related to different forms of cyber threats:
- a. Self-propagating program code triggered by a specified time or event describes a worm or virus, not phishing.
- b. Preventing unauthorized disclosure of information refers to encryption or access control, not phishing.
- d. Monitoring and recording keystrokes refers to keylogging, a technique used for spying, but not specifically phishing.
Phishing is one of the most common cyber threats today and remains effective due to the reliance on human judgment and awareness. Users are encouraged to be cautious about unsolicited emails, verify sources before clicking on links, and employ security measures such as multi-factor authentication to protect sensitive data.