312-50V11 · Question #949
An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware. What is the best example of a scareware attack?
The correct answer is D. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click. Scareware uses fear-based security warnings about threats to manipulate users into clicking malicious links or installing malware.
Question
An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware. What is the best example of a scareware attack?
Options
- AA pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
- BA banner appears to a user stating, "Your account has been locked. Click here to reset your
- CA banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out
- DA pop-up appears to a user stating, "Your computer may have been infected with spyware. Click
How the community answered
(21 responses)- B10% (2)
- C5% (1)
- D86% (18)
Why each option
Scareware uses fear-based security warnings about threats to manipulate users into clicking malicious links or installing malware.
This is a prize or lottery phishing lure that exploits greed and excitement rather than fear of a security threat, so it does not qualify as scareware.
This is an account phishing attack using urgency about access loss, which resembles pretexting or credential harvesting rather than a fear-based security warning.
This is a shipping or order-status phishing lure that exploits curiosity rather than fear of an immediate security threat, placing it in a different social engineering category.
This pop-up is a textbook scareware example because it fabricates a threat - a spyware infection - to create fear and urgency that pressures the user into clicking a link. The goal is to trick the victim into downloading actual malware or purchasing fake antivirus software. Scareware is defined by its use of alarming security warnings as the manipulation vector.
Concept tested: Scareware social engineering technique identification
Source: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
Topics
Community Discussion
No community discussion yet for this question.