Exam 312-50v13 topic 1 question 165 discussion

Identified Social Engineering Technique: The attacker impersonated a high-ranking official using a fake LinkedIn profile, targeted specific employees, and gained trust to access proprietary information. This aligns with pretexting, a technique where an attacker creates a fictional scenario (pretext) to manipulate victims into divulging sensitive data or granting access. Whaling (A) targets high-level executives, but here the attacker impersonates a high-ranking official to target others, not directly attack executives. Spear Phishing (C) involves targeted emails, but the attack uses a social media profile, not phishing emails. Baiting (D) uses physical or digital "baits" (e.g., infected USB drives), which is not the case here.

The scenario describes an attacker: Creating a fake LinkedIn profile Impersonating a high-ranking official Gaining trust and connecting with other employees Receiving invitations and accessing sensitive project information This aligns closely with whaling, which is a type of social engineering attack that targets high-profile individuals (executives, directors, etc.) or impersonates them to gain access to privileged information or networks.

Note that they asked for two things in the question: 1. Social engineering technique used(Baiting). 2.The immediate threat to the organization(Involuntary data leakage). D is the only answer that provides a social engineering threat and an immediate threat.

A. Whaling and Targeted Attacks This is the best match, as the attacker impersonated a high-ranking official and used this trust to gain access to proprietary project details and corporate events.

Spear Phishing → A highly targeted attack where a hacker crafts emails specifically for an individual or organization to trick them into revealing sensitive information or installing malware.