
CISSP certification: Phishing and vishing.

Phishing, Spear Phishing and Whale Phishing (Fishing spelled in hacker speak with Ph not F).

These are all types of social engineering; the attacker is trying to circumvent technical and administrative safeguards.

  • Phishing (Social Engineering Email Attack):
    • Click to win, Send information to get your inheritance …
    • Sent to hundreds of thousands of people; if just 0.02% follow the instructions they have 200 victims.
    • A Public Treasurer in Michigan sent 1,2m to Nigeria (1,1m of taxpayer funds and $72,000 of his own).
  • Spear Phishing:
    • Targeted Phishing, not just random spam, but targeted at specific individuals.
    • Sent with knowledge about the target (person or company); familiarity increases success.
  • Whale Phishing (Whaling):
    • Spear Phishing targeted at Senior Leadership of an organization.
    • This could be: “Your company is being sued if you don’t fill out the attached documents (with a Trojan in them) and return them to us within 2 weeks”.
  • Vishing (Voice Phishing):
    • Attacks over automated VoIP (Voice over IP) systems, bulk spam similar to Phishing.
    • These are: “Your taxes are due”, “Your account is locked” or “Enter your PII to prevent this” types of calls.

Thor Pedersen

IT, information security, and project management trainer. Best-selling CISSP, CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et al.