CERTIFIED-IN-CYBERSECURITY Question #462: Real Exam Question with Answer & Explanation
The correct answer is B: Using a rogue interactive voice response system.
Question
In terms of social engineering tactics, what does 'vishing' refer to?
Options
- A. Requesting password or login credentials in exchange for compensation
- B. Using a rogue interactive voice response system
- C. Impersonating an authority figure or trusted individual
- D. Following an authorized user into a restricted area
Explanation
Vishing refers to the social engineering tactic of using a fraudulent interactive voice response system to trick victims into divulging sensitive information (see ISC2 Study Guide, Chapter 5, Module 4). For example, a fraudster might set up an automated call system that mimics a bank's phone service and ask the victim to enter his or her account number and PIN for "verification purposes". Although the remaining options are social engineering tactics, they do not define vishing. In particular, impersonating an authority figure or trusted individual is a common tactic in phishing attacks, but it is not specific to vishing. Following an authorized user into a restricted area is a physical social engineering tactic known as 'tailgating'. Requesting passwords or credentials in exchange for compensation is a form of fraud. However, it does not involve the use of a fraudulent interactive voice response system and is therefore not vishing.