UGC NET Questions (Paper – 1)

Phishing exploits human trust by sending messages that appear to come from legitimate institutions such as banks or universities. These messages typically ask users to click a link and enter passwords or other sensitive data on fake websites. The goal is to steal credentials or financial information for misuse. This deceptive practice is known as phishing.

Option A:
Option A, spooling, is a legitimate operating system technique for managing input and output operations and has no inherent fraudulent intent. It is unrelated to tricking users into revealing information.

Option B:
Option B is correct because phishing is precisely defined as attempting to acquire sensitive information by pretending to be a trustworthy entity in digital communication. The stem exactly matches this definition.

Option C:
Option C, farming, in its usual sense relates to agriculture and does not describe online fraud. Even in computing, related terms like pharming refer to different technical attacks.

Option D:
Option D, defragging, is a maintenance process that reorganises data on a disk to improve performance and has nothing to do with email based deception.

Phishing typically involves sending deceptive emails or messages that appear to come from legitimate organisations to trick users into revealing confidential information. It relies on social engineering rather than purely technical attacks. Because it exploits human trust, it is a major ICT security concern. The practice described is accurately termed phishing.

Option A:
Option A is correct because phishing is the established name for fraudulent communication that attempts to lure users into providing sensitive data under false pretences.

Option B:
Option B, hacking, is a broader term covering unauthorised access to systems and may involve technical exploitation, not necessarily deceptive messages as in the question.

Option C:
Option C, debugging, involves finding and correcting errors in software and is a legitimate development activity.

Option D:
Option D, compiling, translates source code into machine code and has nothing to do with fraudulent acquisition of credentials.

Phishing is a social engineering technique where attackers impersonate trusted organisations to trick users into revealing sensitive data. Fake emails often copy logos and language of real institutions and direct victims to fraudulent websites. When users enter passwords or card details, attackers capture them for misuse. The described scenario matches this pattern exactly.

Option A:
Using strong passwords and two-factor authentication is a protective measure, not an attack. It reduces the chance that stolen credentials can be abused.

Option B:
Updating antivirus software from an official site is a recommended security practice. It helps detect malware but is not itself malicious.

Option C:
Backing up data protects against loss due to failure or attack but does not involve deception or credential theft.

Option D:
This option correctly highlights impersonation, deceptive email and a request for confidential information, which are hallmark features of phishing attacks.

Phishing is a social engineering technique in which attackers disguise themselves as trustworthy entities in electronic communication. They often use emails or websites that closely resemble genuine ones to lure users into entering sensitive information. Such data can then be misused for identity theft or financial fraud. The scenario in this option captures the deceptive and fraudulent nature of phishing.

Option A:
This option correctly emphasises that the email appears legitimate but is actually fraudulent. The attacker’s goal is to obtain confidential data such as login credentials, bank details or OTPs. Recognising such attempts is an important ICT security awareness outcome for students and staff.

Option B:
Legitimately updating a password on the official portal is a recommended security practice, not an example of fraud. The user interacts with a genuine site and improves account protection. Hence, this behaviour is the opposite of phishing.

Option C:
Regular backups contribute to data availability and disaster recovery, not to social engineering attacks. They are a positive security measure undertaken by administrators. Therefore, this action is unrelated to phishing.

Option D:
Downloading open-source software from verified sources can be safe if checksums and signatures are verified. This behaviour shows cautious ICT use rather than falling for deceptive schemes. Thus, it is not an example of phishing.