Certified Ethical Hacker (CEH v11) — Question 291

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.
What is the best example of a scareware attack?

Answer options

• A. A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
• B. A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."
• C. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."
• D. A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

Correct answer: C

Explanation

The correct answer, C, exemplifies scareware by instilling fear in the user about a potential spyware infection, prompting them to click for a solution. Options A, B, and D do not aim to scare the user into taking immediate action related to a security threat but rather present misleading information about prizes, account issues, or delivery dates.