During a penetration test, the consultant notices that several employees have received late-night emails with the subject line "Claim your $100 Amazon Gift Coupon!" The messages spoof the company's rewards department, use a shortened URL, and redirect victims to a counterfeit Microsoft 365 sign-in page that records the entered credentials before forwarding the user to Amazon's real site. Which type of social-engineering attack does this BEST illustrate?
A targeted spearphishing email designed for credential harvesting
A vishing campaign that uses an interactive voice response system
A smishing attack sent via SMS text messages
Dumpster diving to collect discarded corporate documents
The messages are a spearphishing email campaign. They are delivered by email (not SMS or phone), impersonate a trusted internal program, and target specific employees with a fake reward to entice them to enter corporate credentials. Smishing involves SMS texts, vishing relies on voice calls, and dumpster diving requires physical retrieval of discarded items, none of which match the described scenario.