CompTIA PenTest+ Practice Test

The term that describes a form of elicitation where an attacker impersonates a high-level executive is business email compromise (BEC). This tactic involves the fraudulent attempt to obtain sensitive information or unauthorized transfers of funds by pretending to be a trusted person, particularly someone in a position of authority, like an executive within a company. Attackers utilize sophisticated social engineering techniques to gain the confidence of their targets, often by researching executives and their communication styles to craft convincing emails that appear legitimate.

Spear phishing is a targeted attempt to steal sensitive information from a specific individual or organization by masquerading as a trusted entity, but it does not exclusively involve impersonating an executive. Whaling is a specific type of phishing aimed at high-profile individuals, often similar to BEC but typically focused on individuals at the very top of an organization, such as CEOs. Pretexting, while related to deception and manipulation, is a broader term that refers to creating a fabricated scenario to obtain information and does not specifically denote impersonation of executives in the context of business email communications. Thus, BEC encompasses the specific scenario of impersonating an executive for malicious purposes.