312-50V12 Question #292: Real Exam Question with Answer & Explanation

Question

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware. What is the best example of a scareware attack?

Options

• AA pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
• BA banner appears to a user stating, "Your account has been locked. Click here to reset your
• CA pop-up appears to a user stating, "Your computer may have been infected with spyware. Click
• DA banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out

Explanation

Scareware is a social engineering technique that uses fear-inducing messages to trick users into taking a harmful action, typically by falsely warning them of a security threat on their system.

Common mistakes.

• A. This describes a prize or reward lure, which is a form of phishing or baiting that uses greed and excitement rather than fear as the psychological trigger.
• B. This is an example of a credential harvesting or account-takeover phishing attack that mimics a legitimate account lockout notice, not a scareware attack based on security threat intimidation.
• D. This is a phishing lure that impersonates a trusted brand (Amazon) using a delivery pretext to induce clicks, relying on curiosity or concern about a purchase rather than fear of a security threat.

Concept tested. Identifying scareware as a social engineering method

Reference. https://www.cisa.gov/news-events/news/recognizing-and-avoiding-email-scams

No community discussion yet for this question.