nerdexam
EC-Council

312-50V11 · Question #949

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware. What is the best example of a scareware attack?

The correct answer is D. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click. Scareware uses fear-based security warnings about threats to manipulate users into clicking malicious links or installing malware.

Social Engineering

Question

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware. What is the best example of a scareware attack?

Options

  • AA pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
  • BA banner appears to a user stating, "Your account has been locked. Click here to reset your
  • CA banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out
  • DA pop-up appears to a user stating, "Your computer may have been infected with spyware. Click

How the community answered

(21 responses)
  • B
    10% (2)
  • C
    5% (1)
  • D
    86% (18)

Why each option

Scareware uses fear-based security warnings about threats to manipulate users into clicking malicious links or installing malware.

AA pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"

This is a prize or lottery phishing lure that exploits greed and excitement rather than fear of a security threat, so it does not qualify as scareware.

BA banner appears to a user stating, "Your account has been locked. Click here to reset your

This is an account phishing attack using urgency about access loss, which resembles pretexting or credential harvesting rather than a fear-based security warning.

CA banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out

This is a shipping or order-status phishing lure that exploits curiosity rather than fear of an immediate security threat, placing it in a different social engineering category.

DA pop-up appears to a user stating, "Your computer may have been infected with spyware. ClickCorrect

This pop-up is a textbook scareware example because it fabricates a threat - a spyware infection - to create fear and urgency that pressures the user into clicking a link. The goal is to trick the victim into downloading actual malware or purchasing fake antivirus software. Scareware is defined by its use of alarming security warnings as the manipulation vector.

Concept tested: Scareware social engineering technique identification

Source: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks

Topics

#scareware#social engineering#malware pop-up#user manipulation

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice