This scenario most closely matches spam and phishing delivered through social networking platforms, a technique emphasized in CEH social engineering coverage as social media phishing or spear phishing via professional networks. Nadia impersonates a trusted internal authority figure, a senior HR manager, and uses believable branding elements such as a stolen logo and accurate employee details to establish credibility. She then initiates contact through connection requests and funnels targets into a controlled space, a private group, where she requests sensitive information. Collecting a work email address and department role may appear harmless, but CEH guidance notes that attackers often start with small, plausible requests to build trust and assemble data for deeper compromise. Work emails and roles enable targeted spear phishing, business email compromise preparation, password reset targeting, and crafting convincing pretexts aligned to the victim’s function.

The core mechanics align with phishing: deception, impersonation, and a call to action designed to extract information. The “exclusive project updates” hook is a classic lure used to increase compliance. While the exercise could lead to involuntary data leakage as a downstream effect, the primary simulated threat is the phishing process itself, using social media as the delivery channel. Loss of productivity is not the intent here, and network vulnerability exploitation refers to technical system flaws rather than manipulating human trust. Therefore, the most accurate classification of Nadia’s drill is spam and phishing conducted through a social media pretext.