Social engineering is an attack technique thatmanipulates human behaviorto gain unauthorized access to systems or information, making option A the correct answer. Asking users to disclose their passwords over the phone is a classic example of social engineering, often referred to as vishing (voice phishing).
Unlike technical attacks that exploit software vulnerabilities, social engineering targets human trust, fear, urgency, or lack of awareness. Attackers may impersonate IT staff, managers, or trusted vendors to convince victims to reveal credentials or perform harmful actions.
Option B is incorrect because antivirus software is a defensive security control, not an attack method. Option C is incorrect because updating the operating system is a security best practice that helps mitigate vulnerabilities.
From an ethical hacking standpoint, testing for social engineering vulnerabilities helps organizations understand their exposure tohuman-based attack vectors, which are among the most effective and commonly used by attackers. Ethical hackers may conduct controlled phishing simulations to assess employee awareness and response.
Mitigating social engineering attacks requires user training, security awareness programs, strong authentication methods, and clear verification procedures. Understanding social engineering is critical for building comprehensive defense strategies.
Submit