Exam SY0-701
Question 105

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

    Correct Answer: C

    Social engineering is the practice of manipulating people into performing actions or divulging confidential information, often by impersonating someone else or creating a sense of urgency or trust. In this scenario, the suspicious caller was attempting to deceive the user into providing credit card information by falsely claiming that the Chief Financial Officer required it to close an invoice. This tactic is a clear example of social engineering, where the attacker uses psychological manipulation rather than technical hacking methods to exploit human vulnerabilities and gain sensitive information.

Discussion
EXAMM3R Option: C

Executive whaling is when the CFO is the one being targeted; therefore the answer is C.

AbdullahMohammad251 Option: D

Social engineering encompasses a wide variety of techniques and psychological tactics to exploit human vulnerabilities.
- Whaling: This is a type of social engineering attack that targets high-profile individuals by impersonating them to deceive other employees into divulging sensitive information or performing actions that compromise security.
- The scenario described clearly involved the impersonation of a CFO, which makes option D the correct answer.

geocis Option: C

Answer is C. Social engineering is the practice of manipulating people into performing actions or divulging confidential information, often by impersonating someone else or creating a sense of urgency or trust. The suspicious caller in this scenario was trying to use social engineering to trick the user into giving away credit card information by pretending to be the CFO and asking for a payment. The user recognized this as a potential scam and reported it to the IT help desk. The other topics are not relevant to this situation.

cdsu Option: C

C: Social engineering. This involves impersonation of an executive; it is done via a phone call rather than an email.

Shaman73 Option: D

D. Executive whaling

mnphobby Option: C

C. Whaling is sending email to the CEO.

101e7ca Option: C

For the 601 exam, whaling referred to the CEO being hit by a phishing attack, i.e., email. It targets a high-value individual through email. This scenario says that someone called in to impersonate the CFO (high-level individual), which is social engineering. There seems to be a term called Executive Phishing but not Executive Whaling. This could be a CompTIA question where they mix the terms to catch you out. Doesn't help that in the real world we often use these terms interchangeably.

Bimbo_12 Option: C

C. Social engineering.

Explanation: Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In this scenario, the suspicious caller was attempting to deceive the user into providing credit card information by falsely claiming to be acting on behalf of the Chief Financial Officer. This tactic is a classic example of social engineering, where the attacker uses social manipulation rather than technical hacking methods to obtain sensitive information. It is not D because this is a type of phishing attack that specifically targets high-profile executives (also known as "whales") to steal sensitive information. While the scenario does involve the mention of a high-ranking executive, it is broader in scope and fits under the general category of social engineering rather than a specific whaling attack through email.

TheMichael Option: C

How I understand it is: whaling is when they impersonate an executive, executive whaling is when they target an executive (spear phishing in a sense), and social engineering is a broad form of trickery to deceive whoever the target is (not specific) to divulge information.

78fcd3e Option: C

In CompTIA's lessons for 701, the only reference I could find for "whaling" is a definition of "targeting employees that have influential roles." I'm going with C. Social engineering.

b3a128a Option: C

It has to be C because the caller is stating the CFO wants the information; he is not saying he is the CFO. Also, the term is whaling, not executive whaling.

johnysmith Option: D

Executive Whaling