What is pretexting in cybersecurity, and how do attackers use fabricated scenarios to manipulate employees into revealing sensitive information? Learn how pretexting works and how to recognize it—essential for CompTIA Security+ (Plus) SY0-701 exam success.
Question
An attacker posing as an IT help desk employee calls an organization’s receptionist and convinces them to reset an executive’s password. What type of attack is this?
A. Tailgating
B. Phishing
C. Pretexting
D. Smishing
E. Dumpster diving
Answer
C. Pretexting
Explanation
Pretexting involves fabricating a scenario to trick someone into revealing sensitive information.
When an attacker poses as an IT help desk employee and convinces a receptionist to reset an executive’s password, this is a pretexting attack.
Pretexting is a social engineering technique where an attacker fabricates a believable scenario (the “pretext”) and assumes a false identity, often impersonating someone in a position of authority or trust, such as IT staff or management.
The attacker conducts research to make their impersonation convincing, then directly contacts the target (in this case, the receptionist) and manipulates them into taking actions or divulging confidential information—like resetting a password.
Pretexting differs from phishing, which typically uses mass emails and malicious links, by relying on direct, personalized interaction and a crafted story to gain the victim’s trust.
Real-world examples include attackers impersonating IT staff to request password resets, payroll changes, or access to sensitive systems, often exploiting urgency, authority, or fear to pressure the target into compliance.
These attacks can occur via phone, email, or in person, and are highly effective because they exploit human trust and established workplace roles.
In summary, pretexting fabricates a scenario and impersonates a trusted authority to manipulate a person into revealing sensitive information or performing an unauthorized action, such as resetting an executive’s password. The control that defeats it is a help-desk process that verifies the account owner out of band before any reset, rather than acting on a caller’s claimed role.
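The following is an added example, not part of the original explanation, showing how a help desk could enforce the verification steps that the scenario above lacks. It models a password-reset request as data and applies a small policy: only the account owner may request a reset, relayed requests are refused, identity is confirmed by callback to a number already on file, and privileged accounts additionally require a ticket and an MFA challenge. The policy rules, the directory entries, the account names and the ticket id are all constructed assumptions for illustration.

```python
"""Help-desk password-reset gate: illustrative policy checks against pretexting.

Constructed example. The rules, directory data and account names are assumptions,
not taken from any real help-desk product or the original page.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed directory: accounts that belong to privileged groups.
PRIVILEGED_MEMBERS = {
    "ceo.jane": "executives",
    "admin.sam": "domain-admins",
}


@dataclass
class ResetRequest:
    target_account: str          # account the caller wants reset
    claimed_identity: str        # who the caller says they are
    channel: str                 # "phone", "email" or "in-person"
    relayed_by: Optional[str]    # third party passing the request on (e.g. a receptionist)
    callback_verified: bool      # help desk rang back a number already on file
    mfa_challenge_passed: bool   # owner answered a push/OTP on an enrolled device
    ticket_id: Optional[str]     # ticket opened by the owner through an authenticated portal


def evaluate_reset_request(req: ResetRequest) -> tuple[bool, list[str]]:
    """Return (approved, reasons). Every failed rule contributes one reason."""
    reasons: list[str] = []

    # Rule 1: only the account owner may ask for a reset. A caller claiming an IT
    # or management role has no standing to request someone else's password.
    if req.claimed_identity != req.target_account:
        reasons.append("requester is not the account owner")

    # Rule 2: the owner must contact the help desk directly. A colleague relaying
    # the request cannot vouch for who was really on the line.
    if req.relayed_by is not None:
        reasons.append(f"request relayed by {req.relayed_by}; owner must call the help desk directly")

    # Rule 3: unauthenticated email gives no way to confirm the sender.
    if req.channel == "email":
        reasons.append("email requests are not accepted; use phone callback or the portal")

    # Rule 4: identity is verified out of band on contact details already on file,
    # never on a number or address supplied during the call itself.
    if not req.callback_verified:
        reasons.append("identity not verified by callback to a number on file")

    # Rule 5: privileged accounts additionally need a tracked ticket and an MFA challenge.
    if req.target_account in PRIVILEGED_MEMBERS:
        group = PRIVILEGED_MEMBERS[req.target_account]
        if req.ticket_id is None:
            reasons.append(f"{group} account: reset requires a ticket opened by the owner")
        if not req.mfa_challenge_passed:
            reasons.append(f"{group} account: reset requires an MFA challenge to the owner")

    return (len(reasons) == 0, reasons)


def exam_scenario() -> ResetRequest:
    """The question's scenario: a caller posing as IT has the receptionist relay a reset for an executive."""
    return ResetRequest(
        target_account="ceo.jane",
        claimed_identity="it.helpdesk",
        channel="phone",
        relayed_by="reception.desk",
        callback_verified=False,
        mfa_challenge_passed=False,
        ticket_id=None,
    )


def legitimate_scenario() -> ResetRequest:
    """The executive herself, verified by callback and MFA, with a ticket on record."""
    return ResetRequest(
        target_account="ceo.jane",
        claimed_identity="ceo.jane",
        channel="phone",
        relayed_by=None,
        callback_verified=True,
        mfa_challenge_passed=True,
        ticket_id="TKT-0001",  # constructed ticket id
    )


if __name__ == "__main__":
    for label, req in (("pretext attempt", exam_scenario()), ("owner request", legitimate_scenario())):
        approved, why = evaluate_reset_request(req)
        print(f"{label}: {'APPROVED' if approved else 'DENIED'}")
        for reason in why:
            print("  -", reason)
```

Run as a script, the pretext attempt is denied with five separate reasons (wrong requester, relayed request, no callback, no ticket, no MFA), while the owner's own verified request is approved. The point of listing every failed rule rather than stopping at the first is that it gives the help desk a script to read back to the caller, which removes the urgency and authority pressure the explanation describes.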
CompTIA Security+ (Plus) SY0-701 certification exam practice question and answer (Q&A) with detailed explanation and reference, available free, to help you pass the CompTIA Security+ (Plus) SY0-701 exam and earn the CompTIA Security+ (Plus) SY0-701 certification.