CompTIA PenTest+ PT0-002 Practice Question
A penetration tester is crafting an email to impersonate a senior executive of a large corporation as part of a security assessment. The goal is to manipulate another high-ranking executive into disclosing sensitive company information. Which of the following tactics would be MOST effective for this scenario?
Craft the content to seem like an urgent issue unique to the company that requires immediate attention, using specific jargon and references known only to the executive team.
Register a domain name that is a common misspelling of the company’s actual domain to send the email from, in the hopes that it goes unnoticed.
Impersonate a trusted co-worker in a department not usually interacting with the executive to increase the likelihood of the executive responding due to curiosity.
Initiate a generic email phishing campaign with a broad and common theme hoping to catch the executive among other employees.