  1. Member
    Join Date
    May 2013
    Posts
    35

    Certifications
    Security+
    #1

    Phishing vs Hoax. Do I have the difference correctly identified?

    These seem to be very close in definition. So close that I can see this as being a question on the test. Both phishing and hoaxes come from an email source. They both want to force the victim to do something they wouldn't otherwise do. The difference is that a hoax will encourage the victim to do something bad to their machine (delete files, or corrupt drivers or something). The phishing will convince the user to divulge personal information to be used against them later.

    Does that sound close enough?

    -Sharkbait_

  3. Registered Member Darril
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #2
    That does sound close enough for the Security+ exam.

    One difference is that *all* phishing comes from email, but *all* hoaxes don't necessarily come from email. Some hoaxes are spread through social forums like Facebook.

    Also, phishing has morphed and often tries to get someone to click on a link. An unprotected machine can be infected by a "driveby" download if the recipient clicks on the link. When the unprotected machine visits the malicious site, the malicious site attempts to download and install malware on the user's system.

    A recent trend I've been seeing is that attackers are farming names and email addresses from social networks. They then impersonate your friends with a phishing email. For example, I recently received an email with a friend's name in the from field and the comment "Awesome article" and a malicious link. However, when I looked at the actual originating email address, it wasn't from my friend. The attackers created an email account and used my friend's name as the display name.

    Hope this helps.
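    A defensive check for the display-name impersonation described in post #2, added here as an example and not part of the original thread: it compares the name shown in the From header against the addresses a known contact actually uses. The address book, names, addresses and sample headers are all constructed for illustration.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed address book: display name -> addresses that contact really uses.
KNOWN_CONTACTS = {
    "alex morgan": {"alex.morgan@example.org"},
    "priya shah": {"priya@example.net", "pshah@example.com"},
}

def normalize_name(display):
    """Decode RFC 2047 encoded words, collapse whitespace, lower-case,
    and turn 'Last, First' into 'first last'."""
    name = str(make_header(decode_header(display)))
    name = " ".join(name.replace('"', "").split()).lower()
    if "," in name:
        last, _, first = name.partition(",")
        name = f"{first.strip()} {last.strip()}"
    return name

def check_from_header(from_header, contacts=KNOWN_CONTACTS):
    """Return 'match', 'display-name-mismatch' or 'unknown-sender'."""
    display, address = parseaddr(from_header)
    name = normalize_name(display)
    if name not in contacts:
        return "unknown-sender"
    # The name belongs to a known contact: the address must be one of theirs.
    if address.lower() in contacts[name]:
        return "match"
    return "display-name-mismatch"

if __name__ == "__main__":
    # Constructed sample From headers.
    samples = [
        "Alex Morgan <alex.morgan@example.org>",
        '"Morgan, Alex" <awesome.article@example.invalid>',
        "=?UTF-8?B?QWxleCBNb3JnYW4=?= <mailbox123@example.invalid>",
        "Newsletter <news@example.com>",
    ]
    for header in samples:
        print(f"{check_from_header(header):<22} {header}")
```

    A "display-name-mismatch" result is the case from the post: a familiar name in the from field with an originating address that does not belong to that person.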

  4. Member
    Join Date
    Jul 2010
    Posts
    94

    Certifications
    CISSP, OSCP, OSCE, GXPN, CSXP, CEHv7, CCNA, CCNA Security, GCED, CCSK, Net+, Sec+, Project+
    #3
    I'd also like to add that hoaxes don't always involve attacking your computer. Sometimes they only want to get you to believe something that isn't true (e.g. xxxx celebrity has died).

  5. Junior Member
    Join Date
    Jun 2013
    Posts
    12

    Certifications
    JNCIA-Junos Server+, A+, Network+, Security+, MCP Server 2102 (70-410), MCITP:Vista
    #4
    The main difference is that phishing is an attempt to obtain information from someone by tricking them.
