Exam SY0-701 topic 1 question 10 discussion

In this scenario, where an employee receives a text message appearing to be from the payroll department asking for credential verification, the following social engineering techniques are being attempted: C. Impersonation - The attacker is pretending to be a trusted entity (the payroll department) to gain the employee's trust and obtain their credentials. E. Smishing - Smishing (SMS phishing) involves sending fraudulent text messages to trick individuals into revealing personal information, such as credentials, by clicking on a link or responding to the message.

Vishing = voice Phishing = email Smishing = text

Although impersonation is indeed a tactic used in the attack (the attacker is impersonating the payroll department), the key focus of the attack is the method used (a fraudulent text message aimed at credential theft) rather than simply the act of pretending to be someone else. That is why the answers phishing (B) and smishing (E) are more precise for this scenario.

Given that the employee only receives a text message (not a phone call), the correct answers would be: E. Smishing C. Impersonation

CompTIA's official guide states: "Smishing: A phishing attack that uses SMS text communications as the vector."​ and "Phishing: "Persuades or tricks the target into interacting with a malicious resource disguised as a trusted one, traditionally using email as the vector."​ It is not impersonation because the Comptia Official guide specifically associates impersonation with direct engagement and persuasion techniques rather than mass communication tactics like smishing or phishing​

impersonation and smishing

Impersonation is a technique Smishing is a technique while Phishing which is also close is a Form. Impersonation and Smishing are under the category of Phishing

Answer C: Pretending to Be Payroll: The text message claims to be from the payroll department, a trusted entity within the company. This impersonation aims to create a sense of urgency and legitimacy, convincing the employee to comply with the request for credential verification. The attacker is leveraging the employee's trust in the payroll department to obtain sensitive information, which is a classic example of impersonation in social engineering. Answer E: The attack occurs through a text message, making it a clear case of smishing. The attacker uses SMS to deliver the deceptive message, which asks for credential verification under the guise of being from a legitimate source. Why it is important, since the message is delivered via text and is attempting to harvest credentials, it aligns perfectly with the definition of smishing.

A. Typosquatting (Impersonation of legitimate URL) B. Phishing (Emails) C. Impersonation (Acting as someone) D. Vishing (Voice Phishing) E. Smishing (Message Phishing or Text Phishing) F. Misinformation (Providing wrong information or fake information or news)

The attacker is likely using a combination of C. Impersonation and E. Smishing to trick the employee into revealing their credentials.

C.Impersonation and E.Smishing

the answer is C.Impersonation and E.Smishing

phishing by classic definition is over email. Its a similar idea but going strictly by textbook definition it doesn't apply

Smishing & Impersonate

Phishing = email Vishing = voice / phone call Smishing = SMS / Tex messages

B. PhishingE. Smishing

This one is tricky, because Smishing is a part of Phishing. Its one of those annoying questions that Vendors like to throw at exam takers. Smishing is the most specific and direct answer to this question. Answer is CE.