An assessor wants to replicate smishing by sending deceptive notifications to employees. Which strategy is best to measure their responses to suspicious text-based prompts disguised as official updates?
Send automated voice prompts urging individuals to provide account details
Embed a malicious web link in a short messaging channel that solicits sensitive information on a disguised site
Distribute mass emails with attachments presented as company documents
Run a scanning utility across the network to gather endpoint configurations
Sending deceptive short messages that include a malicious link is a practical way to replicate text-based infiltration. This demonstrates how an unsuspecting individual might select a link and be led to a site that harvests credentials. The phone-based approach, the mass email campaign, and the network tool deployment do not replicate a text-based infiltration scenario.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is smishing and how does it differ from phishing?
Open an interactive chat with Bash
Why are links embedded in text messages an effective attack vector?
Open an interactive chat with Bash
How can individuals protect themselves from smishing attacks?