A server administrator receives an unsolicited phone call from an individual claiming to be a senior network engineer from a third-party vendor. The caller explains that urgent, unscheduled maintenance is required on a core firewall and requests the administrator's login credentials for the device to "verify the current configuration" before proceeding. The caller becomes more insistent when the administrator hesitates, stressing the risk of a network-wide outage. Which social engineering attack is this an example of?
The correct answer is vishing. Vishing, or 'voice phishing', is a social engineering attack that uses voice communication, such as a phone call, to manipulate a target into revealing sensitive information. The scenario describes an attacker using a phone call, creating a false identity (pretexting), and applying pressure through urgency to obtain login credentials.
Spear phishing is incorrect because it is a highly targeted attack delivered via email, not a phone call.
Baiting is incorrect because it involves luring a victim with a tempting offer or object, such as a malware-infected USB drive left in a public space.
Tailgating is incorrect as it is a physical security breach where an unauthorized person follows an authorized individual into a restricted area.