An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
The technique being used by the attacker is vishing, or voice phishing. Vishing involves using the telephone system to trick the victim into providing private information or performing certain actions, such as buying gift cards. The key element here is the use of a phone call to impersonate the Chief Executive Officer, which classifies this attack specifically as vishing.
While "C. Impersonating" is indeed part of the attacker's actions, it's a more generic term for assuming someone else's identity. In this specific scenario, the attacker is using vishing (voice phishing) to impersonate the Chief Executive Officer (CEO) over the phone, which is a type of social engineering attack where the voice is used to manipulate the employee into buying gift cards. So, "D. Vishing" more accurately describes the specific technique being employed in this situation.
Impersonation is correct, don't overthinking
what vector did the attacker use to impersonate though?
The attacker used vishing as the vector to impersonate to get his giftcards
Seems like it can be either C or D... My question, how precise and evil is Comptia?? If you look at the objectives for this exam, 1.1 includes both Vishing and Impersonation... see that second word "Impersonation"... NOT "Impersonating". So, if they are trying to fool you into picking the wrong one, seems like spelling "Impersonating" as they did could be the "trick" they are playing on us. I'm going to Vishing, though I will admit, I am not positive. But, I don't trust Comptia. They are assholes that write those questions!
The attacker is using Option D: Vishing. Vishing, or voice phishing, is a form of social engineering where an attacker uses the telephone system to trick the victim into providing private information. In this case, the attacker is posing as the Chief Executive Officer and instructing the employee to buy gift cards, which is a common tactic used in vishing attacks.
But he's not going for private info, just for the victim to spend money
The keyword is call - vishing
The attacker is using D. Vishing. Vishing is a type of social engineering attack where the attacker uses the phone to pose as a legitimate entity and trick the victim into revealing sensitive information or performing certain actions. In this case, the attacker is posing as the CEO and instructing the employee to buy gift cards.
The attacker in this scenario is using "Vishing" (Option D). Vishing stands for "voice phishing," and it involves a social engineering attack where an attacker makes phone calls, impersonates someone they are not, and tries to manipulate the victim into revealing sensitive information or taking specific actions, such as purchasing gift cards. In this case, the attacker is posing as the CEO and attempting to trick the employee over the phone.
At first I thought Vishing, but he isn't trying to phish any credentials from him, only extortion.
I guess vishing is still technically viable, another coinflip question..
If you think about it vishing almost always uses a form of impersonation. I mean what other tactic could you use with vishing. You call someone and you claim to be an IT support, CEO, etc. These are the methods that vishing is using to get the victim, but the attack at the base is vishing.
I'm going to go with Vishing as it is voice technique that is being used and you can impersonate in Phishing and other attacks and this is the only choice that only applies to this senario
COMPTIA Study Guide says: Impersonation simply means pretending to be someone else. It is one of the basic social engineering techniques. Impersonation can use either a consensus/liking or intimidating approach. Impersonation is possible where the target cannot verify the attacker's identity easily, such as over the phone or via an email message.
HOW ABOUT THIS QUESTION GUYS ?? An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using? A. Smishing B. Disinformation C. Impersonating D. Whaling
This would be Impersonating. If Vishing was an option it would be Vishing. Similar to the UPS vs Generator Questions.
CEO fraud: Typically perpetrated through email or electronic communication, with the attacker impersonating a high-ranking executive. Vishing: Involves voice communication, such as phone calls, with the attacker impersonating someone from a trusted organization.
The correct answer is whaling. Whaling is a phishing attack that targets high-profile people by impersonating them. The answer is not listed here but listed in my dump! The best option would be C
Vishing, short for "voice phishing," is a social engineering technique in which attackers use phone calls to trick individuals into providing sensitive information or taking unauthorized actions. In this case, the attacker is using a phone call to impersonate the CEO and manipulate the employee into purchasing gift cards, which is a common tactic in vishing attacks.
The technique is impersonation, the attack method is Vishing which seeks credentials or personal info. In most all cases, both are used together.
the technique is the attacker using is Vishing
C. Impersonating (or impersonation) An impersonation attack uses vishing as a form of attack. If the phone call was just a vishing attack, I don’t think the question would have included the CEO.