You are tasked to perform a penetration test. While you are performing information gathering, you find an
employee list in Google. You find the receptionist’s email, and you send her an email changing the source email
to her boss’s email( boss@company ). In this email, you ask for a pdf with information. She reads your email
and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain
malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the
links, and her machine gets infected. You now have access to the company network.
What testing method did you use?

A.
Social engineering

B.
Tailgating

C.
Piggybacking

D.
Eavesdropping

Explanation:
Social engineering, in the context of information security, refers to psychological manipulation of people into
performing actions or divulging confidential information. A type of confidence trick for the purpose of information
gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a
more complex fraud scheme.
Incorrect Answers:
B: Using tailgaiting an attacker, seeking entry to a restricted area secured by unattended, electronic access
control, e.g. by RFID card, simply walks in behind a person who has legitimate access.
https://en.wikipedia.org/wiki/Social_engineering_(security)