A spear phishing attack is a targeted email attack aimed at a specific individual, organization, or business. Unlike general phishing, which casts a wide net, spear phishing is highly personalized and designed to deceive the recipient into providing sensitive information.

Why Option C is Correct?
Personalization – The email references a golf membership renewal, making it relevant and believable to the recipient.
Social Engineering – The attacker exploits the victim’s trust by pretending to be a legitimate entity.
Malicious Link – The victim clicks a fraudulent hyperlink and enters sensitive credit card details.
Financial Fraud – The goal is to steal payment information, leading to unauthorized transactions.

Why Not the Other Options?
A. Numerous and consistent attacks on the company’s website caused the server to crash.
This describes a Denial-of-Service (DoS) attack, not spear phishing.
B. A person posing as an IT help desk representative called employees and played a generic message requesting passwords.
This describes vishing (voice phishing) rather than spear phishing.
D. Many users of a social network service received fake notifications about a new investment opportunity.
This is general phishing, as it targets multiple users instead of one individual.

IIA References:
IIA’s GTAG (Global Technology Audit Guide) on Cybersecurity – Emphasizes the risk of spear phishing in cyber fraud.
NIST SP 800-61 (Computer Security Incident Handling Guide) – Defines spear phishing as a highly targeted attack method.
COBIT 2019 (Governance and Management of IT) – Highlights social engineering risks in IT security.

✅ Final Answer: C. A person received a personalized email regarding a golf membership renewal, and he clicked a hyperlink to enter his credit card data into a fake website.