Question

Alex has been asked to investigate a call to one of his organization's system administrators that is believed to have led to a breach. The administrator described that call by saying that the caller identified themselves as the assistant to the director of sales and said that they needed access to a file that was critical to a sales presentation with a major client but that their laptop had died. The administrator provided a link to the file, which included the organization's sales data for the quarter. What type of social engineering occurred?

A. Baiting
B. Quid pro quo
C. Pretexting
D. Whaling

Answer 1

The type of social engineering that occurred is pretexting, where the attacker creates a fictional story to manipulate a person into revealing sensitive information. Whaling, which involves targeting high-ranking individuals, is also relevant to this scenario.

Step-by-step explanation:

The type of social engineering that occurred in this scenario is pretexting. Pretexting is a technique where an attacker creates a fictional scenario or story to manipulate a person into revealing sensitive information or granting unauthorized access. In this case, the caller pretended to be the assistant to the director of sales in need of access to a critical file, exploiting the organization's trust.

Another type of social engineering that could be relevant to this scenario is whaling. Whaling refers to targeting high-ranking individuals or executives within an organization. By impersonating a high-level employee, the attacker increases their chances of successfully manipulating others into providing access or information.

This scenario does not align with the other options mentioned. Baiting involves enticing a person with something appealing, like a USB drive containing malware. Quid pro quo involves offering something in exchange for sensitive data or access. Neither of these tactics are present in the given scenario.