Exam SY0-701 topic 1 question 6 discussion

Actual exam question from CompTIA's SY0-701
Question #: 6
Topic #: 1

Which of the following scenarios describes a possible business email compromise attack?

  • A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
  • B. Employees who open an email attachment receive messages demanding payment in order to access files.
  • C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
  • D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.
Suggested Answer: C

Comments

lauren2wright
Highly Voted 1 year ago
C. In a BEC attack, the attacker typically impersonates a high-ranking executive or authority figure within the organization and requests sensitive information or actions from employees. In this case, the HR director is requesting log-in credentials for a cloud administrator account, which is a classic example of BEC where the attacker seeks to gain access to privileged accounts through deception.
upvoted 27 times
TheMichael
10 months, 1 week ago
Answer: A. It could be C if there wasn't a better option, but a BEC is about impersonating, and in the answer choice C it doesn't specify that someone is acting as HR, whereas A is a better choice because they are clear that someone is being impersonated. Your boss requests documents all the time, they don't need to demand it. The choice is clearly A.
upvoted 13 times
Snooozey
9 months, 3 weeks ago
The best answer is C. The HR Director is not your boss, but someone high in your organization. They are asking for cloud administrator credentials, which has nothing to do with HR, so there is a chance that the director's email account has been compromised and the hacker is now hoping that you will just give in to their request because of the higher rank. In this situation you would follow up with the HR Director in person to determine if they actually made the request and if they really need the credentials for a legitimate reason.
upvoted 6 times
a4e15bd
9 months, 2 weeks ago
The fact that the email has the executive's name in the display field strongly suggests impersonation, which is a hallmark of BEC. Both A and C involve impersonation, which is central to BEC, with scenario A being a classic BEC because it is specifically leveraging the executive's identity to request a gift card, which is a common BEC tactic.
upvoted 2 times
Aces155
5 months, 1 week ago
But the exec’s name being in a field doesn’t indicate there’s a compromise. Receiving a direct email from the HR director indicates that the HR director’s email has been compromised.
upvoted 9 times
Sparky80
Most Recent 5 days, 6 hours ago
Selected Answer: C
A BEC involves a fraudulent email that appears to come from a trusted executive or employee and is used to trick someone into transferring money, sensitive data, or credentials.
upvoted 1 times
fisher004
1 week, 3 days ago
Selected Answer: C
The correct answer is C. Business email compromise (BEC) is a type of cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company info. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam. It is a type of phishing attack that targets organizations with a view to steal money or sensitive information. The only option where a trusted entity is impersonated and a request for sensitive information is made is C.
upvoted 1 times
Jon_Million
2 weeks, 5 days ago
Selected Answer: A
This scenario describes a Business Email Compromise (BEC) attack: BEC attacks typically involve impersonating a trusted figure in the organization (like a CEO or executive). The attacker spoofs the display name to make the email look legitimate. These emails often ask for urgent actions such as wiring money, sending sensitive data, or purchasing gift cards. They usually don't involve attachments or obvious malware — just social engineering.
upvoted 1 times
Ekim149
3 weeks, 3 days ago
Selected Answer: A
A Business Email Compromise (BEC) is a targeted social engineering attack where the attacker impersonates a company executive or high-level employee (like a CEO or CFO) to trick an employee—often in finance or HR—into:
  • Sending money (e.g., wiring funds or buying gift cards)
  • Disclosing sensitive information
  • Changing payment account details

✅ Why A is correct: The attacker spoofs the executive’s name in the “From” field, attempting to trick the employee into acting quickly without verifying the request. Gift card scams are a common variant of BEC, especially those pretending to be from executives asking assistants or finance staff to urgently buy cards.
upvoted 1 times
8f23125
1 month, 1 week ago
Selected Answer: A
Option | Scenario | Type of Attack
A | Impersonates an executive asking for gift cards | ✅ BEC attack (common tactic)
B | Ransom message after opening an attachment | ❌ Ransomware, not BEC
C | Credential theft request from HR director | ❌ Phishing or Social Engineering, but not necessarily BEC
D | Link to a fake email login portal | ❌ Phishing, not BEC
upvoted 2 times
eroc1990
1 month, 1 week ago
Selected Answer: C
For those answering A, this attack doesn't necessarily need to come from an internal address. Although it can in some cases, in quite a few cases the attack originates from a freemail user that changed their display name to match the display name of a C level or other executive. Option C is the only one (as of April 18, 2025) that could originate from inside the organization that fits the bill.
upvoted 1 times
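The display-name case discussed in this thread (an outside sender whose display name matches an executive) can be checked at the mail gateway by comparing the From display name against a roster of executives and their real addresses. This is an added example, not part of any comment above; the roster, addresses, sample messages and result labels are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import unicodedata

# Assumed roster (constructed): executive display names and their real addresses.
EXECUTIVES = {
    "Dana Reyes": "dana.reyes@example.com",
    "Morgan Lee": "morgan.lee@example.com",
}

def normalize(name: str) -> str:
    """Case-fold, drop accents and punctuation, sort tokens ('Reyes, Dana' == 'Dana Reyes')."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_accents.casefold())
    return " ".join(sorted(cleaned.split()))

ROSTER = {normalize(name): addr.casefold() for name, addr in EXECUTIVES.items()}

def classify_sender(raw_message: str) -> str:
    """Classify a message by whether its From display name borrows an executive's name."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    expected = ROSTER.get(normalize(display))
    if expected is None:
        return "no-executive-name"
    if address.casefold() == expected:
        # Header matches the roster. This is also what mail from a compromised
        # real mailbox looks like, so unusual requests still need out-of-band checks.
        return "address-matches-roster"
    return "display-name-impersonation"

# Constructed sample messages.
SPOOFED = "From: Dana Reyes <dana.reyes.office@freemail.example>\nSubject: Quick favor\n\nNeed gift cards today."
COMMA_FORM = 'From: "REYES, Dana" <ceo-desk@mailbox.example>\nSubject: Urgent\n\nAre you available?'
INTERNAL = "From: Morgan Lee <Morgan.Lee@example.com>\nSubject: Account access\n\nSend me the admin login."
UNRELATED = "From: Build Bot <ci@example.com>\nSubject: Nightly\n\nPassed."

if __name__ == "__main__":
    for sample in (SPOOFED, COMMA_FORM, INTERNAL, UNRELATED):
        print(classify_sender(sample))
```

The third sample shows the limit of a header check: a request sent from the executive's genuine address passes it, which is why a credentials request like the one in option C has to be verified through another channel.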
ZhugeLiang
2 months ago
Selected Answer: A
Email account compromise (EAC) vs BEC

In many cases the objectives of a BEC attacker and an EAC attacker are the same: They want to steal money, data or other sensitive information. However, the key difference is that in a BEC attack, the hacker is merely posing as a trusted figure, such as a business executive, lawyer, or important vendor, usually via a spoofed email account. That person then attempts to direct an employee or other person to take a given action, such as wiring funds to the attacker’s account. In EAC attacks, however, the attacker breaches a legitimate email account and acts as the owner of that account. With access to real credentials, the actor is able to conduct fraudulent activity and bypass multi-factor authentication tools.
upvoted 2 times
IT_dude_in_training
2 months, 1 week ago
Selected Answer: C
Business Email Compromise (BEC) typically involves attackers impersonating a trusted authority—like an executive, HR director, or other high-level personnel—to deceive employees into taking actions that compromise security or financial assets. In Option C, the email appears to be from someone in a position of trust (the HR director) making a request that seems unusual (asking for login credentials), which fits the classic BEC pattern.
upvoted 1 times
Brian_Douglas
2 months, 2 weeks ago
Selected Answer: A
I believe it is A, as they muddled the question to state "display field" and not simply From: It best meets a BEC attack when you change the question to read from the CEO.
upvoted 1 times
Bik047
2 months, 2 weeks ago
Selected Answer: A
Answer is A. Option C is more like credential harvesting.
upvoted 1 times
Woodiynho
2 months, 2 weeks ago
Selected Answer: A
A and C are correct, but A is the most common example of a BEC attack; cuz this is a classic BEC attack where an attacker spoofs an executive's email and asks for gift cards or money.
upvoted 1 times
JackExam2025
3 months ago
Selected Answer: A
This is a typical BEC scenario, where an attacker impersonates an executive and asks for a gift card or financial transfer, often in an urgent or confidential manner. C - Is an attempt to steal login credentials, but it is not a typical BEC attack. BEC usually involves financial manipulation or social engineering related to authority figures, not credential theft.
upvoted 1 times
iamose
3 months, 1 week ago
Selected Answer: A
An employee receives a gift card request in an email that has an executive’s name in the display field of the email, as it describes a Business Email Compromise (BEC) attack. BEC relies on social engineering rather than malware or phishing links, where attackers impersonate executives or trusted individuals to manipulate employees into making financial transactions, such as purchasing gift cards or wiring money. Unlike phishing, BEC does not involve fake login pages but instead creates a sense of urgency to pressure the target.
upvoted 1 times
lloocckkeeyy
3 months, 1 week ago
Selected Answer: A
The best answer is A. The email request for a service implies that the email account has already been compromised. In answer C, the HR director is requesting information in an "attempt" to compromise the user's account. Flagging said email would mean that the attack has been averted and NOT compromised.
upvoted 1 times
Cyberfox9001
3 months, 2 weeks ago
Selected Answer: C
At first, I was going to pick A but C fits the description more. In this case, why would an HR Coordinator ask for the login credentials of an employee? If they needed information, they could've asked the manager or director, but most times they can access it themselves.
upvoted 1 times
Hasss
3 months, 2 weeks ago
Selected Answer: C
A prime example of a BEC.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other