The correct answer is B. Impersonation because Rachel’s primary technique is pretending to be a specific, legitimate employee (“Mark Stevens, a senior finance manager”) to induce the HR staffer to disclose or transmit sensitive information. In CEH-aligned social engineering concepts, impersonation is the act of assuming another person’s identity or role—often someone with authority or a believable business need—to gain trust and persuade the target to perform an action they otherwise should not (such as sharing confidential documents, resetting credentials, or bypassing verification steps).

The scenario includes multiple social engineering influence factors commonly emphasized in CEH: authority (claiming to be a senior finance manager and referencing the CFO), urgency (“upcoming presentation” and “urgently needs”), and pressure to reduce the likelihood the staffer follows standard validation procedures. These elements strengthen the impersonation by making the request feel both legitimate and time-sensitive, increasing compliance. The target’s reaction—feeling compelled due to Rachel’s authoritative tone—matches the expected psychological effect of impersonation attacks.

Why the other options are less correct: Vishing (voice phishing) is a delivery channel—social engineering conducted via phone calls. While this interaction occurs over the phone, the question asks for the technique being demonstrated. The defining technique here is the identity deception (impersonation) rather than merely the medium. Quid pro quo involves offering something in exchange (e.g., “I’ll fix your issue if you give me your password”), which is not present. Reverse social engineering involves the attacker creating a problem and positioning themselves as the helper so the victim contacts them; that is not described because Rachel initiates the call and directly requests the document.

Therefore, the most accurate classification of Rachel’s method is Impersonation.