Certified Ethical Hacker (CEH v11) — Question 106

You are tasked with performing a penetration test. While gathering information, you find an employee list on Google. You find the receptionist's email address and send her an email with the source address changed to her boss's (boss@company). In this email, you ask for a PDF with information. She reads your email and sends back a PDF with links. You replace the PDF's links with your malicious links (these links contain malware) and send back the modified PDF, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Answer options

Correct answer: A

Explanation

The correct answer is A, social engineering, as it involves manipulating individuals into divulging confidential information or performing actions that compromise security. The other options do not apply here: piggybacking refers to unauthorized access gained by following an authorized person, tailgating is a physical security breach in which someone is followed into a restricted area, and eavesdropping involves intercepting communications. None of these describes the email manipulation and deception used in this scenario.