Exam SY0-701 topic 1 question 465 discussion

The correct answer is: A. Business Email Compromise (BEC) Explanation: Business Email Compromise (BEC) is a targeted attack where attackers impersonate a trusted entity (e.g., a bank or executive) to trick victims into performing financial transactions or revealing sensitive information. In this scenario, the attacker sent an urgent payment request appearing to come from the bank, which is a hallmark of BEC. Other Options: B. Vishing: Involves voice-based phishing attacks over the phone, which is not relevant here as the communication was via email. C. Spear Phishing: Although this attack is also targeted, spear phishing typically involves obtaining sensitive information like credentials, not direct wire transfer requests. D. Impersonation: While impersonation is a tactic used in BEC, it’s not the specific attack type described in this scenario.

The correct answer is: A. Business email compromise Explanation: Business Email Compromise (BEC) is a type of social engineering attack where an attacker impersonates a high-level executive, a trusted vendor, or another party within the organization to trick employees into transferring money or sensitive information. In this case, the attack involves the accounting department receiving an urgent payment message, which is a hallmark of BEC. The attackers typically use social engineering tactics to create a sense of urgency and deceive the victim into transferring funds.

From CompTIA study guide: BEC= An impersonation attack in which the attacker gains control of an employee’s account and uses it to convince other employees to perform fraudulent actions. Pretty much describes what is going on here.

Examples of spear phishing attacks include: CEO fraud, where a threat actor impersonates a CEO to trick employees into transferring money Invoice fraud Bank transfer fraud Employee fraud