Certified Ethical Hacker (CEH v13) — Question 136

An experienced cyber attacker has created a fake LinkedIn profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?

Answer options

• A. Whaling and Targeted Attacks
• B. Pretexting and Network Vulnerability
• C. Spear Phishing and Spam
• D. Baiting and Involuntary Data Leakage

Correct answer: A

Explanation

The attacker used whaling, a type of targeted attack aimed at high-profile individuals, to exploit trust within the organization. The threat is significant as it leads to unauthorized access to sensitive information and potential data breaches. Other options, such as spear phishing and baiting, do not accurately describe the method of impersonation and the immediate risk involved.