Certified Ethical Hacker (CEH v12) — Question 35
Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different.
What type of attack he is experiencing?
Answer options
- A. DHCP spoofing
- B. DoS attack
- C. ARP cache poisoning
- D. DNS hijacking
Correct answer: D
Explanation
Joe is likely a victim of DNS hijacking, where attackers redirect users from a legitimate website to a malicious one. The altered and unsecured URL indicates that the website he is trying to access may not be the genuine banking site, prompting the need for re-entering credentials. The other options, such as DHCP spoofing, DoS attacks, and ARP cache poisoning, do not match the scenario of redirecting to a fraudulent site for credential capture.