Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 18

What is the difference between deceptive phishing and spear phishing?

Answer options

• A. Deceptive phishing is an attacked aimed at a specific user in the organization who holds a C-level role.
• B. A spear phishing campaign is aimed at a specific person versus a group of people.
• C. Spear phishing is when the attack is aimed at the C-level executives of an organization.
• D. Deceptive phishing hijacks and manipulates the DNS server of the victim and redirects the user to a false webpage.

Correct answer: B

Explanation

The correct answer is B because spear phishing is characterized by its focus on individual targets, making it more personalized than general phishing attacks. Option A is incorrect as it misdefines deceptive phishing by linking it to C-level roles. Option C incorrectly generalizes spear phishing as only targeting C-level executives, while D describes deceptive phishing inaccurately by implying it manipulates DNS servers, which is not a characteristic of either type.