Certified Ethical Hacker (CEH v11) — Question 42

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine.
What is the social engineering technique Steve employed in the above scenario?

Answer options

• A. Diversion theft
• B. Quid pro quo
• C. Elicitation
• D. Phishing

Correct answer: B

Explanation

The correct answer is B, quid pro quo, as Steve impersonated a support technician and offered something (help with a supposed server issue) in exchange for the victim's compliance in executing commands. The other options do not fit: diversion theft involves misdirecting attention to steal, elicitation is about gathering information without raising suspicion, and phishing typically involves deceptive emails or messages rather than direct phone communication.