Certified Ethical Hacker (CEH v13) — Question 38

During a reconnaissance mission, an ethical hacker uses Maltego, a popular footprinting tool, to collect information about a target organization. The information includes the target's Internet infrastructure details (domains, DNS names, Netblocks, IP address information). The hacker decides to use social engineering techniques to gain further information. Which of the following would be the least likely method of social engineering to yield beneficial information based on the data collected?

Answer options

• A. Dumpster diving in the target company's trash bins for valuable printouts
• B. Impersonating an ISP technical support agent to trick the target into providing further network details
• C. Shoulder surfing to observe sensitive credentials input on the target’s computers
• D. Eavesdropping on internal corporate conversations to understand key topics

Correct answer: C

Explanation

Option C, shoulder surfing, is least likely to be effective since it requires physical proximity to the target, which is not guaranteed. In contrast, options A, B, and D all utilize broader social engineering techniques that can yield relevant information without needing direct access to the target's workspace.