Certified Ethical Hacker (CEH v13) — Question 171

An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.
What is the best example of a scareware attack?

Answer options

• A. A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
• B. A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."
• C. A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."
• D. A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

Correct answer: C

Explanation

The correct answer is C because scareware is designed to create fear and urgency, prompting users to take immediate action under the pretense of a security threat. Options A, B, and D do not instill the same level of fear or urgency related to a security issue, focusing instead on rewards or account status without suggesting immediate danger.