CompTIA: Advanced Security Practitioner (CASP) Exam Prep

Answer: C - Vishing is an attack that uses social engineering and spoofs telco services.

Key Takeaway: Vishing is a combination of Voice and Phishing. With the advent of VoIP, services such as caller ID that are trustworthy when run by the phone company over POTS are now subject to spoofing. Users are inherently trusting that the number showing on caller ID is actually where the call is from because they are used to it being so from the days before VoIP. In a Vishing attack, an attacker will call the victim and the caller ID will say it is from a bank or other place of authority. The attacker will then ask for credentials so that he can verify who he is talking to, updates, or any other way he thinks he can get the information.