An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring?
It can't be whaling since it says it is coming from what appears to be the CEO. It can't be spear-phishing since it is only going to one employee and doesn't seem like this employee is high up in the food chain. I want to say this is social engineering since it is coming from someone high up asking for classified information and most likely it is with a sense of importance. A classic example of a social engineering attack.
Darril Gibson book: Spear phishing is a targeted form of phishing. Instead of sending the email out to everyone indiscriminately, a spear phishing attack attempts to target specific groups of users, or even a single user. Spear phishing attacks may target employees within a company or customers of a company.
As an example, an attacker might try to impersonate the CEO of an organization in an email
The attack described in the question is an example of a social engineering attack. Social engineering attacks rely on manipulating individuals to disclose sensitive information or perform actions that they would not typically perform under normal circumstances.
In this scenario, the attacker is impersonating the CEO of the company, which is a form of pretexting. The attacker is attempting to trick the employee into disclosing sensitive information, specifically security credentials for all users.
From Kaspersky: Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
I see exactly why there is only 65% first time pass rate... some on here don't seem to know that SPEARFISHING is AIMED at a single person... ya know, like that single Halibut you throw a spear at? JEEZ, answer is SPEARFISH, now move on!
There are multiple definitions of spear phishing online. In the CompTIA 2019 update, Exam SY0-501 book, it says "Spear phishing refers to a phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack. The attacker might know the name of a document that the target is editing, for instance, and send a malicious copy, or the phishing email might show that the attacker knows the recipient's full name, job title, telephone number, or other details that help convince the target that the communication is genuine." So it can be an individual according to this definition, so I go with D.
"Source: Get Certified Get Ahead - Darril Gibson."
Spear phishing is a targeted form of phishing. Instead of sending the email out to everyone indiscriminately, a spear phishing attack attempts to target specific groups of users, or even a single user. Spear phishing attacks may target employees within a company or customers of a company.
As an example, an attacker might try to impersonate the CEO of an organization in an email. It’s relatively simple to change the header of an email so that the From field includes anything, including the CEO’s name and title. Attackers can send an email to all employees requesting that they reply with their password. Because the email looks like it’s coming from the CEO, these types of phishing emails fool uneducated users.
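Added example, not part of the original discussion: because the From field can carry any name, a mail filter can compare it with the sending domain, the Reply-To address and the receiving server's SPF/DKIM/DMARC verdicts. The domain `example.com`, the executive name "Jane Doe", the finding labels and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example (not from the page): the organization's mail
# domain and the executive display names worth protecting.
ORG_DOMAIN = "example.com"
EXEC_NAMES = {"jane doe"}

def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw: str) -> list[str]:
    """Return reasons an inbound message looks like executive impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    # An executive's name on an address outside the organization's domain.
    if any(n in display.lower() for n in EXEC_NAMES) and _domain(addr) != ORG_DOMAIN:
        findings.append("exec-name-external-domain")
    # Replies would be routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != _domain(addr):
        findings.append("reply-to-domain-mismatch")
    # Trust Authentication-Results only when stamped by your own receiving MTA.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    findings += [f"{m}-not-pass" for m in ("spf", "dkim", "dmarc")
                 if f"{m}=pass" not in auth]
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: Jane Doe <jane.doe@corp-mail.test>
Reply-To: office@mailbox.test
To: employee@example.com
Subject: Credentials report
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail

(body omitted)
"""
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: employee@example.com
Subject: Quarterly update
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

(body omitted)
"""

if __name__ == "__main__":
    print(spoof_indicators(SPOOFED))
    print(spoof_indicators(LEGIT))
```

A From header forged with the organization's own domain passes the display-name check, so the authentication verdicts are what flag it.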
Whaling, like on the Kaspersky website - In 2016, the payroll department at Snapchat received a whaling email seemingly sent from the CEO asking for employee payroll information.
Since the email came from CEO there would be authority and familiarity to the employee. D sounds correct.
Spear phishing could be a single person or a group of people in a single organization.
I would give this to social engineering ... hacker might be causing authority here since the email looks to be coming from CEO. This could cause the person to give out the info more quickly
The answer is correct D - Spear Phishing.
Note it was answered in question #2: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.
Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.