An unexpected and out-of-character email message from a Chief Executive Officer's corporate account asked an employee to provide financial information and to change the recipient's contact number. Which of the following attack vectors is most likely being used?
Business email compromise is the most likely attack vector being used.
Business email compromise (BEC) occurs when an attacker impersonates a legitimate business account to manipulate employees into revealing sensitive information or performing unauthorized actions, such as changing contact details. The scenario described fits this definition, as the email comes from the CEO's account and requests sensitive financial information.
This option correctly identifies the scenario where an attacker uses a legitimate email account to deceive an employee into providing sensitive information or making changes that could benefit the attacker. The fact that the email is unexpected and out-of-character for the CEO highlights the manipulative tactics often employed in BEC attacks, making this the most applicable choice.
Phishing typically involves deceptive emails to trick recipients into revealing personal information, often directing them to malicious websites. While the email mentioned may be a phishing attempt in a broader sense, it aligns specifically with BEC because of the impersonation of a CEO's account and the specific request for sensitive information, which makes phishing a less precise answer than BEC.
Brand impersonation refers to creating a false identity that mimics a well-known brand or company to deceive individuals. Although there is an element of impersonation in the email, this term usually applies to broader fraudulent schemes targeting customers or the public rather than targeted attacks on internal employees, as seen in this case.
Pretexting involves creating a fabricated scenario to obtain information from a target. While this attack vector could theoretically fit the situation, the specific use of a CEO's email account to request sensitive financial information aligns more accurately with BEC than with broader pretexting strategies.
The scenario describes a targeted attack where an impersonated CEO's email seeks to extract sensitive financial information, precisely fitting the definition of business email compromise. Unlike phishing, brand impersonation, or pretexting, BEC explicitly involves the exploitation of a legitimate corporate account to manipulate employees, highlighting the seriousness of this security threat within organizations. Recognizing this can help prevent significant financial losses and data breaches.