An attacker invests time collecting personal data about a specific employee, then sends a customized email asking for confidential login information. Which approach is the BEST method to measure how personnel respond to this scenario?
Visit the company lobby posing as a consultant and attempt to engage employees
Place phone calls to random individuals pretending to be a technician
Create a detailed message referencing known personal details alongside a fake login form
Use a single generic message to all staff outlining new security procedures
Sending a carefully crafted message leveraging specific details and directing the user to a false portal simulates a highly customized attack that persuades recipients to divulge sensitive data. Mass emailing lacks personalization and does not accurately reflect a targeted threat. Random phone calls can be recognized as social engineering by recipients who are not expecting them. Visiting the facility in person does not replicate the same remote targeting vector that an email presents.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is social engineering, and how does it relate to this scenario?
Open an interactive chat with Bash
What are the key components of a phishing email attack?
Open an interactive chat with Bash
How does spear phishing differ from standard phishing?