An attacker sends an email to employees, indicating that only a limited number of accounts can be secured against a new threat, and they need to act fast to protect their data. What principle of social engineering is being exploited?

An employee receives an urgent email claiming that their email account will be deactivated unless they verify their login details immediately. The email contains a link to a fake login page. What principle of social engineering is being exploited here?

An attacker stands close to a person using an ATM and memorizes their PIN by watching them enter it. What type of social engineering attack is this?

An attacker calls an employee, pretending to be from the IT department, and asks for their username and password to resolve an urgent issue. What type of social engineering attack is this?

An attacker sends an email to a group of employees, claiming that most of their colleagues have already signed up for a new company initiative that requires logging into an external portal. The email includes testimonials from supposed coworkers who have benefited from the initiative and encourages recipients to join them. What principle of social engineering is being exploited in this scenario?

An attacker closely follows an authorized employee into a secured building by quickly slipping in before the door closes, without using a badge. What type of social engineering attack is this?

An email is sent to employees, claiming that a popular software used within the company has a critical vulnerability and includes a link to a supposed patch. The email looks legitimate and uses logos and language familiar to the employees. What type of social engineering attack is this?

A hacker identifies a commonly visited website by employees of a target company and injects malicious code into the site. When employees visit the site, their systems become infected with malware. What type of social engineering attack is this?

An attacker pretends to be a trusted vendor and calls an employee to gather information about the company’s network infrastructure. What type of social engineering attack is this?

An attacker sifts through a company’s trash to find discarded documents that contain sensitive information such as usernames, passwords, and financial data. What type of social engineering attack is this?

A cybercriminal creates a fake LinkedIn profile of a former employee and connects with current employees to gather information about the company’s security protocols. What principle of social engineering is being utilized?

An employee receives an email from what appears to be their bank, requesting them to click a link and update their account information to avoid service disruption. The email looks legitimate but is actually a fraudulent attempt to steal sensitive information. What type of social engineering attack is this?

An attacker sets up a fake Wi-Fi hotspot near a company’s building, naming it similarly to the company’s legitimate network. Employees connect to the hotspot, and the attacker intercepts their data. What type of social engineering attack is this?

A high-ranking executive receives a personalized email from a supposed colleague, requesting sensitive financial information for an urgent project. The email is highly targeted and appears authentic. What type of social engineering attack is this?

An attacker sends an email claiming that a new company policy requires immediate compliance with attached instructions. Employees are warned that non-compliance will result in disciplinary action. What principle of social engineering is being used here?

A phishing email is sent to all employees in an organization, urging them to click on a link to update their security settings. This email appears to come from the IT department. What principle of social engineering is primarily being used?

An attacker sends a fake security alert email to multiple employees, claiming that their system is at risk and they need to download and install an attached “security patch”. What type of social engineering attack is this?