nerdexam
EC-Council

312-50V9 · Question #590

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one

The correct answer is D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks. This question describes a phishing attack and asks which protective measure is incorrectly stated. The incorrect statement claims that security software can 'very easily' detect phishing attacks.

Social Engineering

Question

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam. Which of the following statement is incorrect related to this attack?

Options

  • ADo not reply to email messages or popup ads asking for personal or financial information
  • BDo not trust telephone numbers in e-mails or popup ads
  • CReview credit card and bank account statements regularly
  • DAntivirus, anti-spyware, and firewall software can very easily detect these type of attacks
  • EDo not send credit card numbers, and personal or financial information via e-mail

How the community answered

(31 responses)
  • B
    3% (1)
  • C
    3% (1)
  • D
    94% (29)

Why each option

This question describes a phishing attack and asks which protective measure is incorrectly stated. The incorrect statement claims that security software can 'very easily' detect phishing attacks.

ADo not reply to email messages or popup ads asking for personal or financial information

Not replying to emails or popups requesting personal or financial information is a valid and widely recommended anti-phishing best practice.

BDo not trust telephone numbers in e-mails or popup ads

Distrusting phone numbers embedded in suspicious emails is a valid defense because attackers include fake support numbers to further social engineer victims into disclosing information.

CReview credit card and bank account statements regularly

Regularly reviewing bank and credit card statements is a valid control that helps detect unauthorized transactions resulting from stolen credentials.

DAntivirus, anti-spyware, and firewall software can very easily detect these type of attacksCorrect

Phishing attacks are social engineering attacks that exploit human psychology through convincing fraudulent emails and spoofed websites, not malicious executable code that security software is designed to detect. Antivirus, anti-spyware, and firewall tools cannot reliably identify legitimate-looking phishing emails or credential-harvesting pages because no malware payload is delivered. These tools provide minimal protection against phishing since the attack vector is deception, not technical exploitation.

EDo not send credit card numbers, and personal or financial information via e-mail

Avoiding transmitting credit card numbers and personal data via email is a valid practice since standard email is an unencrypted, insecure channel.

Concept tested: Phishing attack defenses and security software limitations

Source: https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/phishing

Topics

#phishing#credential theft#antivirus limitations#social engineering

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice