A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue. Which of the following BEST describes this attack?
The scenario described involves setting up a fake login page and sending emails to company employees to trick them into entering their credentials. This is a tactic used to collect usernames and passwords, known as credential harvesting. The goal of the penetration tester in this scenario is to gather the login credentials of the company's employees through deception. Thus, credential harvesting is the best description of this type of attack.
The penetration tester created a fake login page to trick the company's employees into entering their email credentials, which were then harvested by the tester. This type of attack is commonly referred to as phishing, and it is a common tactic used by attackers to gain access to sensitive information.
Wha you think about question 78?
A is correct
Credential harvesting involves using a variety of tactics including phishing, malware, bruteforce attacks, keylogging, and more. These tactics are used to acquire usernames, passwords, financial information, and other sensitive data that can be used to gain access to accounts or other information. As such, it is important to practice good online safety habits, such as strong password creation and monitoring of accounts.
A is correct
The MOST correct answer to describe this attack is: A. Credential harvesting Credential harvesting is the act of tricking users into revealing their login credentials, often through phishing emails or fake login pages. In this case, the penetration tester is attempting to steal employees' cloud mail login credentials by creating a fake login page that appears legitimate.
Password spraying is a technique used to try guess a user's password by using a list of commonly used passwords. The list is usually generated from publicly available sources or from other data breaches. The attacker makes multiple attempts at a single user account with different passwords in an attempt to gain access. It is a common attack vector for criminals and should be guarded against with strong password creation and regular monitoring of accounts.