Exam 200-201 topic 1 question 84 discussion

From the book: Other social engineering techniques include the following: Phishing, Spear phishing, Pharming (is the term used to describe a threat actor redirecting a victim from a valid website or resource to a malicious one that could be made to appear as the valid site to the user. From there, an attempt is made to extract confidential information from the user or to install malware in the victim’s system. Pharming can be done by altering the host file on a victim’s system, through DNS poisoning, or by exploiting a vulnerability in a DNS server.), Malvertising, SMS phishing, Voice phishing (or vishing), Whaling, Elicitation, interrogation, and impersonation (Pretexting)

C. phishing - Phishing is the practice of sending emails or messages to deceive individuals into providing sensitive information such as usernames, passwords, and credit card details. E. pharming - Pharming is a type of cyber attack where an attacker redirects website traffic from a legitimate website to a fraudulent website that looks similar to the legitimate one, with the aim of stealing personal or financial information.

Not actually clear why the book considers Pharming as a social engineering type of attack (threat actor doesn't need to communicate with the victim), since it's actually more of an end-point(workstation/server/online dns resolver) based attack revolving around the manipulation of DNS entries...

C. phishing (Phishing is when attackers attempt to trick users into doing 'the wrong thing', such as clicking a bad link that will download malware, or direct them to a dodgy website) E. pharming (Pharming is a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install malicious code on your computer or server. The code automatically directs you to bogus websites without your knowledge or consent)