Question 1: An attacker registers the domain "professormessor.com" (wrong spelling) and hosts a credential-harvesting page. Users who mistype the legitimate URL land on the attacker's site. What technique is this?
Question 2: An employee receives a phone call. The caller ID displays the company's bank name and number. The caller says: "This is your bank's fraud department β we detected suspicious activity and need to verify your account number and PIN immediately." What type of attack is this?
Question 3: An attacker calls a company's accounting department and says: "Hi, this is calling from Visa regarding an automated payment to your utility service that didn't go through β I'll need to verify your payment details." The accountant provides the information. What technique did the attacker use?
Question 4: An employee receives an email with a button labeled "Confirm Email Now." Before clicking, they look at the sender address and notice it is from an icloud.com address, even though the email claims to be from their corporate mail provider. What is the correct takeaway?
Question 5: A company finance manager receives an email appearing to be from the CEO: "I need you to process an urgent wire transfer of $75,000 to a new vendor today. Keep this confidential." The sender address is ceo@company-payments.com instead of the real ceo@company.com. What type of attack is this?
Matching: Phishing Variants
Match each term to its correct description.
TERM
DESCRIPTION
Performance Task
A mid-size company has experienced three incidents this quarter: (1) an employee wired $45,000 to a fake vendor after receiving a CEO email from a lookalike domain, (2) three employees clicked a link in a text message claiming to be from HR asking them to update their payroll details, (3) an employee gave IT credentials over the phone to someone claiming to be from the help desk. Name the attack type for each incident and design one specific defense for each.
Incident 1 β CEO email from lookalike domain β BEC (Business Email Compromise)
Attack: The attacker spoofed or registered a domain similar to the company's to impersonate the CEO and trigger a fraudulent wire transfer. The "urgency + confidentiality" social engineering prevented the employee from verifying through another channel.
Defense: Implement a mandatory call-back verification policy for all wire transfers above a defined threshold. The callback number must come from the company's internal directory β not from the email requesting the transfer. No exceptions. Additionally, configure email banners flagging external senders to alert employees when email claims to be from internal staff but arrives from an external domain.
Incident 2 β HR text message requesting payroll update β Smishing
Attack: SMS phishing (smishing) using HR impersonation as the lure. Employees were directed to click a link β likely leading to a credential-harvesting page mimicking the payroll portal.
Defense: Send a company-wide communication: HR will never request payroll updates via text message. Employees should go directly to the official HR portal by typing the URL themselves β never through a link in a text or email. Enable MFA on the payroll/HR system so that even if credentials are harvested, the attacker cannot log in without the second factor.
Incident 3 β IT credentials given over the phone β Pretexting (Vishing)
Attack: The attacker fabricated a help desk scenario (pretexting) delivered over the phone (vishing). The employee trusted the caller's claimed role and gave up credentials they should never share with anyone β including real IT staff.
Defense: Establish and communicate a clear policy: IT will never ask for your password β ever. During onboarding and annual security training, employees should practice recognizing this type of call. IT staff should have a verification code system so employees can confirm a caller is legitimate IT staff before sharing any information. Implement a "pause and verify" step: hang up and call the IT help desk back at the official number from the internal directory.