Palo Alto Networks (PANW) Certified Cybersecurity Entry-level Technician (PCCET) Practice Exam

Your CFO receives an email with her name that claims to be the company's bank and tells her to click the link https://chase.bankofamerica.mysite.ru. What type of attack is this?

• A. Spamming
• B. Phishing
• C. Spear phishing
• D. Whaling

The correct answer is: Whaling

The situation described is indicative of a whaling attack. Whaling is a specific type of phishing that targets high-profile individuals, such as executives or key employees within a company. In this case, the email is directed deliberately to the CFO and attempts to deceive her by claiming to be from the company’s bank while using a fraudulent URL. The use of personalized information, such as the CFO's name, increases the likelihood that the targeted individual will trust the email and might click on the provided link. Whaling attackers typically craft their messages to seem official and often go to great lengths to imitate legitimate sources, exploiting the trust that comes with senior positions within a company. The goal is usually to obtain sensitive information, such as login credentials or financial data. Other types of attacks listed, such as spamming, phishing, and spear phishing, have different scopes and targets. Spamming refers to unsolicited bulk messages, typically for advertising. Phishing is a broader term that includes various deceptive techniques aimed at any potential victim. Spear phishing, while still a targeted attack, usually refers to individuals rather than high-ranking officials, focusing on personalizing the attack to increase its success rate. In summary, the attack targeting the CFO fits the characteristics of whaling, making