nerdexam
EC-Council

312-50V9 · Question #318

Bob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]"". Which statement below is t

The correct answer is C. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service. A legitimate bank representative would communicate using an official corporate email domain, not a free public service like @yahoo.com, which anyone can register.

Social Engineering

Question

Bob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]"". Which statement below is true?

Options

  • AThis is probably a legitimate message as it comes from a respectable organization.
  • BBob should write to [email protected] to verify the identity of Scott.
  • CThis is a scam as everybody can get a @yahoo address, not the Yahoo customer service
  • DThis is a scam because Bob does not know Scott.

How the community answered

(16 responses)
  • A
    6% (1)
  • B
    13% (2)
  • C
    81% (13)

Why each option

A legitimate bank representative would communicate using an official corporate email domain, not a free public service like @yahoo.com, which anyone can register.

AThis is probably a legitimate message as it comes from a respectable organization.

The @yahoo.com domain belongs to a public email provider, not to any bank; using it for official bank communications is a direct red flag, not a sign of legitimacy.

BBob should write to [email protected] to verify the identity of Scott.

Replying to the provided address would contact the attacker directly, potentially exposing personal information or initiating further manipulation through continued social engineering.

CThis is a scam as everybody can get a @yahoo address, not the Yahoo customer serviceCorrect

Legitimate financial institutions and their employees use corporate email addresses tied to the organization's registered domain (e.g., @yahoobank.com), not free consumer email services. Because any person can create a @yahoo.com address with any display name, this message provides zero authentication of the sender's identity and is a classic social engineering or phishing attempt designed to create urgency around a 'vital transaction'.

DThis is a scam because Bob does not know Scott.

Not personally knowing Scott is not a reliable technical indicator of a scam - the definitive indicator is the use of a free public email domain instead of a verified corporate bank domain.

Concept tested: Phishing and social engineering email domain verification

Source: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks

Topics

#phishing#smishing#social engineering#impersonation

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice