Exam 312-50v12 topic 1 question 165 discussion

Pretexting: Fraudsters may impersonate executives from financial institutions, telephone companies, and other businesses. They rely on “smooth-talking” and win the trust of an individual to reveal sensitive information. CEH Module 09 - Social Engineering

At first I thought the answer was B for pretexting, but I now think it is A for whaling. The key pointing to whaling is that the attack impersonates a HIGH-RANKING PERSON, so the attacker can exploit trust and perceived authority. Additionally, "targeted attacks" are more likely to continue as the attacker continues to reach out to other people using this persona to gather more info. While this situation can be seen as a type of pretexting, pretexting is typically more targeted and often involves direct interaction and a carefully crafted scenario to manipulate a specific victim.

This is A, it is asking which advanced social engineering technique the attacker used. He didn't use baiting, spear phishing, or network vulnerabilities. He used whaling and targeted attacks. Literally, read the last part of the question.

For me id D the fake linkedin profile lure other to invite the haker. Furthermore the haker has critical data that could point to Data Leakage

in the scenario described, aren't things referred of a network vulnerability, so, i think that the correct answer is A

Pretexting Fraudsters may impersonate executives from financial institutions, telephone companies, and other businesses. They rely on “smooth-talking” and win the trust of an individual to reveal sensitive information. CEHv12 Module 09 Page 1386

Why Option A (Whaling and Targeted Attacks) is Correct: Impersonation of a high-ranking official: The attacker posed as a senior executive on LinkedIn, which is a typical tactic in whaling attacks where high-profile individuals are impersonated to gain credibility and manipulate targets. Access to proprietary project details: By connecting with employees and gaining access to exclusive corporate events, the attacker successfully obtained sensitive information, demonstrating a targeted attack focused on acquiring valuable corporate data. Therefore, option A (Whaling and Targeted Attacks) best describes the advanced social engineering technique used by the attacker and identifies the most likely immediate threat to the organization

So, in this context, A & B are strong contenders. A - seems more precies B - has that pretexting definition by the book However, Pretexting is part of Whaling and in the question be have nothing about Network Vulnerability but be have about a targeted Attack. So the final answer, and correct one, is A

Keyword "impersonating a high-ranking official" (Pretexting) not targeting CEOs (Whaling). From the book "Pretexting Fraudsters may impersonate executives from financial institutions"

A - Whaling - Key word "high-ranking official"

Pretexting Fraudsters may impersonate executives from financial institutions, telephone companies, and other businesses. They rely on “smooth-talking” and win the trust of an individual to reveal sensitive information.

B. CEH 1386 key word is impresonate

I think this comment is right. > Pretexting: Fraudsters may~(przemyslaw1)

Key words is "high-ranking official". then the most likely immediate threat to the organization is targeted attacks.

I would choose C, should not be A because the person impersonate high-ranking official, not targeting high-ranking official.

Im unsure about the accuracy of this statement

A. Whaling and Targeted Attacks Whaling = An attacker targets high profile executives like CEOs, CFOs, politicians, and celebrities who have complete access to confidential and highly valuable information.The attacker tricks the victim into revealing critical corporate and personal information through email or website spoofing