Which type of phishing is conducted through telephone calls or VoIP systems?

The correct answer is vishing, which refers specifically to phishing attacks conducted over the phone or through Voice over Internet Protocol (VoIP) systems. Vishing typically involves a malicious caller impersonating a legitimate entity, such as a bank, tech support, or a government agency, to trick the victim into providing sensitive information, such as passwords, credit card numbers, or personal identification information.

Vishing can take several forms, including automated calls (robocalls) or direct conversations with a caller. The effectiveness of these attacks often stems from the element of urgency or the fear instilled in the victim, prompting them to act quickly without verifying the caller's identity.

In contrast, while the other terms may involve deception or impersonation, they refer to different methods of attack. Whaling specifically targets high-profile individuals such as executives to extract sensitive information. Impostor vishing is another specific form of vishing that emphasizes the impersonation aspect of the attack. Smishing pertains to phishing attacks carried out through SMS text messages rather than voice channels. Understanding these distinctions helps in recognizing the various forms of social engineering threats and how they may manifest.