During an incident investigation, a security analyst notes that multiple employees received emails that appear to come from the company's HR department. Each message addresses the recipient by name, references a recent benefits enrollment, and directs the user to a spoofed internal portal to "verify" their credentials. Which social-engineering technique is the attacker using?
This is an example of spear phishing. Unlike broad phishing campaigns that cast a wide net, spear-phishing emails are crafted for a specific organization or individual and often contain personal details (such as the user's name or job function) to build credibility. Whaling also uses email but specifically targets high-level executives; vishing relies on voice/phone calls rather than email; tailgating is a physical social-engineering tactic in which an attacker follows someone into a secured area.