CompTIA Security+ (SY0-701) — Question 4

Which of the following scenarios describes a possible business email compromise attack?

Answer options

• A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
• B. Employees who open an email attachment receive messages demanding payment in order to access files.
• C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
• D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.

Correct answer: C

Explanation

Option C is correct because it involves a direct request for sensitive log-in credentials from a supposed authority figure, which is typical of business email compromise attacks. Other options either involve scams that do not directly target credentials (like gift card requests) or demand payments without impersonating an executive (like the attachment scenario), making them less representative of business email compromise.