nerdexam
EC-Council

312-50V13 · Question #456

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails

The correct answer is B. Phishing. Explanation Option B (Phishing) is correct because Jack used fraudulent emails with malicious links sent to current employees - this is the hallmark of a phishing attack, which involves deceiving victims into clicking harmful links by disguising them as legitimate communications.

Submitted by rohit_dlh· Mar 6, 2026Social Engineering

Question

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used byjack to launch the fileless malware on the target systems?

Options

  • AIn-memory exploits
  • BPhishing
  • CLegitimate applications
  • DScript-based injection

How the community answered

(40 responses)
  • A
    3% (1)
  • B
    88% (35)
  • C
    8% (3)
  • D
    3% (1)

Explanation

Explanation

Option B (Phishing) is correct because Jack used fraudulent emails with malicious links sent to current employees - this is the hallmark of a phishing attack, which involves deceiving victims into clicking harmful links by disguising them as legitimate communications.

Why the distractors are wrong:

  • A (In-memory exploits): This describes how the fileless malware executes once delivered (running in RAM without touching disk), not the delivery technique Jack used - it's a characteristic of fileless malware, not the attack vector.
  • C (Legitimate applications): This fileless technique involves hijacking trusted programs (like PowerShell or WMI) to execute malware, which is not what Jack did to deliver the payload.
  • D (Script-based injection): This refers to injecting malicious scripts into running processes or browsers, which may describe what happens after the link is clicked, but not the initial delivery mechanism.

Memory Tip: Focus on the delivery method - whenever you see "fraudulent emails + malicious links + deceived employees," that's always Phishing. Think: "Phishing = fishing for victims with a fake bait (email)." Don't confuse the delivery technique with what the malware does after delivery.

Topics

#Phishing#Social Engineering#Fileless Malware#Exploit Delivery

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice