Certified Incident Handler (CIH) Practice Ecam

What type of attack involves impersonating a trusted source to trick individuals into providing sensitive information?

• A. Social engineering
• B. Ransomware
• C. Data breach
• D. Domain spoofing

The correct answer is: Social engineering

The type of attack that involves impersonating a trusted source to deceive individuals into disclosing sensitive information is social engineering. This tactic relies heavily on manipulating human psychology rather than exploiting technical vulnerabilities. Attackers may create a sense of urgency, fear, or trust to coerce individuals into providing confidential data, such as passwords or credit card numbers. Social engineering attacks often take the form of phishing emails, where attackers masquerade as legitimate companies or individuals. This approach can be highly effective because it exploits the inherent trust that people have in familiar entities—whether they are organizations, colleagues, or friends—making it essential for individuals to be aware of these tactics and approach requests for sensitive information with caution. In contrast, ransomware typically involves malicious software that locks or encrypts a user's files until a ransom is paid, while a data breach refers to unauthorized access to confidential data, often resulting from security vulnerabilities. Domain spoofing involves creating a fake domain that resembles a legitimate one to deceive users, but this is a specific technique that can be utilized within social engineering tactics. Therefore, the best fit for the described attack is social engineering, as it encompasses the broader strategy of manipulation through impersonation.