An impersonation attack in which an attacker gains control of an employee's account and uses it to convince other employees to perform fraudulent actions.

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

An impersonation attack in which an attacker gains control of an employee's account and uses it to convince other employees to perform fraudulent actions.

Explanation:
The situation is best described as business email compromise. This involves an attacker gaining control of a legitimate employee’s email account and using it to persuade colleagues to take fraudulent actions, such as approving a funds transfer or sharing sensitive information. Because the messages come from a trusted internal source, recipients are more likely to follow the instructions, especially if the attacker imitates a familiar voice or workflow and creates a sense of urgency or authority. This technique exploits trust in internal communications and bypasses many technical controls by leveraging a compromised, legitimate channel.

Ciphertext and plaintext are cryptography terms related to encrypted data, not to impersonation or social engineering. A watering hole attack compromises a website that the intended victims visit in order to deliver malware to them; it does not hijack an employee’s account to directly instruct others inside the organization to commit fraud.

