nerdexam
EC-Council

312-50V10 · Question #159

Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]". Which statement below is tru

The correct answer is A. This is scam as everybody can get a @yahoo address, not the Yahoo customer service. The message is a phishing scam because a legitimate bank would use an official corporate email domain, not a free consumer service like @yahoo.com. Anyone can register a @yahoo.com address, making it untrustworthy for official banking communications.

Social Engineering

Question

Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]". Which statement below is true?

Options

  • AThis is scam as everybody can get a @yahoo address, not the Yahoo customer service
  • BThis is scam because Bob does not know Scott.
  • CBob should write to [email protected] to verify the identity of Scott.
  • DThis is probably a legitimate message as it comes from a respectable organization.

How the community answered

(47 responses)
  • A
    94% (44)
  • C
    2% (1)
  • D
    4% (2)

Why each option

The message is a phishing scam because a legitimate bank would use an official corporate email domain, not a free consumer service like @yahoo.com. Anyone can register a @yahoo.com address, making it untrustworthy for official banking communications.

AThis is scam as everybody can get a @yahoo address, not the Yahoo customer serviceCorrect

Legitimate financial institutions use verified corporate email domains for customer communications, never free consumer email services that anyone can register. The sender using @yahoo.com to claim affiliation with 'Yahoo Bank' is a classic phishing indicator where attackers exploit brand name similarity to create false legitimacy. This technique is a form of social engineering designed to deceive victims into believing an unsolicited contact is from a trusted organization.

BThis is scam because Bob does not know Scott.

Not personally knowing the sender is insufficient evidence of fraud on its own, as legitimate businesses regularly contact new prospective employees; the technical red flag is the use of an illegitimate free email domain.

CBob should write to [email protected] to verify the identity of Scott.

Contacting the provided email address would engage directly with the attacker, potentially confirming the victim's identity and exposing Bob to further phishing attempts or social engineering.

DThis is probably a legitimate message as it comes from a respectable organization.

Using a free consumer @yahoo.com address rather than an official verified corporate domain is direct evidence against legitimacy, regardless of the organization name invoked in the message.

Concept tested: Phishing and social engineering via email domain spoofing

Source: https://www.cisa.gov/topics/cyber-threats-and-advisories/malicious-cyber-activity/phishing

Topics

#smishing#phishing#social engineering#impersonation

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice