Exam SY0-701 topic 1 question 185 discussion

Business email compromise (BEC) is an email-based social engineering attack Social engineering refers to all the techniques used to coerce or talk a victim into revealing information that someone can use to perform malicious activities and render an organization or individual vulnerable to further attacks Answer: A- Business email

Social engineering is an attack vector, while Business email is an attack surface. If it said Business Email Compromise, that would be an attack vector.

The correct answer is: B. Social engineering Explanation: This scenario describes a phishing attack, a type of social engineering where an attacker sends fraudulent emails pretending to be from a trusted source (in this case, human resources). The mismatched links suggest an attempt to deceive the employee into clicking a malicious link, possibly leading to credential theft or malware installation. Other options explained: A. Business email – Likely refers to Business Email Compromise (BEC), which involves targeted attacks on executives or finance personnel rather than generic phishing. C. Unsecured network – There is no indication that the employee is on an insecure network; the issue is the deceptive email content. D. Default credentials – This applies to systems left with manufacturer-set passwords, which is unrelated to phishing emails. Since the attacker is attempting to manipulate human behavior to gain access, this is a social engineering attack.

Why not the others? A. Business email (compromise) – This involves an attacker gaining control of a legitimate business email account, but in this case, the email appears to be a fake rather than a compromised real account. C. Unsecured network – An unsecured network could allow data interception, but it wouldn’t cause misleading links in an email. D. Default credentials – This refers to using factory-set usernames and passwords, which is unrelated to this phishing attempt.

Business email compromise (BEC) is an email-based social engineering attack

This is a social engineering attack done through phishing. Phishing typically involves sending mass emails to a large number of recipients, aiming to trick them into clicking on malicious links or providing sensitive information. The email in this scenario seems to fit this pattern, as it contains suspicious links that do not correspond to the company's legitimate links. Business Email Compromise (BEC), on the other hand, is more targeted. It often involves attackers gaining access to a legitimate business email account and using it to send fraudulent emails to specific individuals within the organization. These emails usually request actions like transferring funds or sharing confidential information. BEC attacks are generally more sophisticated and personalized compared to phishing.

It is not business email because this term refers to emails sent using an organization's domain and infrastructure, not necessarily indicative of an attack.

Social Engineering is right.

This lines up with A

The correct answer is A. > This is an example of Business Email Compromise (BEC). BEC is a type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker. In this scenario the email came from human resources, indicating that this is a BEC.

B. Social engineering

B. Social engineering Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. In this case, the email containing suspicious links is an example of a phishing attempt, where attackers try to deceive the employee into clicking on malicious links that may lead to fraudulent sites or compromise their credentials.

Answer is B

I think that this question is a bit tricky in its language and its options of available answers. I would agree with A if it actually said " Business Email Compromise" but it simply says business email. B would be the correct answer because its actually mentioning a form of attack. Attack vector is literally referring to what kind of attack is being shown.

Social engineering: This refers to techniques used to manipulate people into performing actions or divulging confidential information. In this case, the attacker is using a legitimate-looking email from human resources to trick the new employee into clicking on malicious links. Business email compromise (BEC): While BEC can involve emails from legitimate-looking senders, it typically targets high-profile individuals or organizations for financial gain. In this case, the target is a new employee, and the goal seems to be to compromise their system.