Home » CompTIA » PT0-001 » An attacker uses SET to make a copy of a company’s cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO’s login credentials.
An attacker uses SET to make a copy of a company’s cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO’s login credentials.
A. Elicitation attack
B. Impersonation attack
C. Spear phishing attack
D. Drive-by download attack
Correct Answer: A
Explanation/Reference:
Reference: https://www.social-engineer.org/framework/influencing-others/elicitation/
It is an Elicitation attack.
Elicitation attacks are a way of obtaining info from users without them knowing they are giving it away, while they think they perform a day to day task(checking email) they actually provide credentials on the fake site. (but according to CompTIA, this could easily be a whaling attack and a spear phishing attack) – dodgy question 😐
I’d say spear phishing. CompTIA defines spear phishing as “Phishing attacks target sensitive information like passwords, usernames, or credit card information.” The attacker has created a message (the email), sent it to the CEO (targeting a specific person) in the hopes of obtaining sensitive data (the login credentials).
This is C, an impersonation attack would happen in person not over email.
https://usa.kaspersky.com/resource-center/definitions/spear-phishing
This is either Spear Fishing or and Impersonation attack. B or C