Q: An end-user received an email stating his bank account was compromised, and that he needs to click a link to reset his password. When the user visited the site, he recognized it as legitimate and entered his credentials which were captured by a hacker. What type of social engineering attack does this describe?
or
Q: An end user got an email saying that someone had hacked into his bank account and that he needed to click on a link to change his password. The user provided his credentials after visiting the website, which he recognized as authentic, only for a hacker to steal them. This describes what kind of social engineering attack?
- A baiting attack
- A phishing attack
- A tailgating attack
- A SQL injection attack
Explanation: It is clear that the situation you described is an example of a “Phishing” assault, more precisely an attack that includes sending misleading emails and creating a false website. In this particular instance, the user was sent a bogus email that said that their bank account had been hijacked. The email then referred them to a website that seemed to be authentic to change their password. The website, on the other hand, was under the hands of a hacker, and the user inadvertently gave their credentials, which were subsequently taken by the attacker. The use of social engineering techniques is often used in phishing attacks to deceive people into giving sensitive information.
