What kind of email did the attacker send to the receptionist in the social engineering example?


Multiple Choice

What kind of email did the attacker send to the receptionist in the social engineering example?

Explanation:
Impersonation of an authority figure via email is a classic social engineering move. The attacker forges the sender to look like the receptionist’s boss, leveraging the trust people place in a supervisor and the urgency to act quickly. By spoofing the From field and crafting a tone that mimics the boss, the attacker makes the request appear legitimate, increasing the likelihood the receptionist will comply without verifying.

This is the best description because it directly describes using email spoofing to impersonate a boss, which is precisely the tactic used to manipulate the receptionist. It isn’t simply a password-reset request from IT, a malware attachment from a vendor, or a generic HR phishing email—those would rely on different cues and targets.

To defend against this, staff should verify unusual requests from superiors through a separate channel (e.g., a phone call or in-person confirmation) and organizations should implement email authentication (DMARC, SPF, DKIM) to reduce spoofed messages.
