Certified Ethical Hacker (CEH v12) — Question 274

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.

What is the best example of a scareware attack?

Answer options

• A. A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
• B. A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."
• C. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."
• D. A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

Correct answer: C

Explanation

The correct answer, C, exemplifies scareware as it instills fear by suggesting that the user's computer is infected, prompting them to click on a link to resolve the issue. Options A and D do not invoke fear related to security threats, and option B, while alarming, relates more to account access rather than a direct malware threat, making C the most fitting example of scareware.