CompTIA Security+ Social Engineering: Phishing, Vishing, Smishing, and Whaling

Anyone researching Security+ social engineering eventually runs into the same question: what does Security+ actually demand? CompTIA's current Security+ exam is SY0-701, launched on November 7, 2023. It is a single-exam certification priced at $425, capped at maximum of 90 questions, timed at 90 minutes, and scored on a 100–900 scale with 750 required to pass.

Social engineering attack types

Phishing is email-based: the attacker spoofs a trusted sender, injects urgency, and directs the victim to a fake site. Vishing is voice-based: the attacker calls impersonating help desk staff and requests credentials or MFA codes. Smishing is SMS-based: the lure arrives by text message with a link or callback number. Whaling targets executives with legal, finance, or board-level pretexts.

Pretexting is the fabricated backstory that makes any of these attacks believable. Tailgating is the physical equivalent — following an authorized person through a secured door. Baiting involves leaving malicious media (USB drives) where victims will find and use them.

Key distinctions the exam tests

Pretexting and vishing are not the same: pretexting is the invented story, vishing is the delivery channel. Phishing and smishing differ by medium — email versus SMS. Whaling and spear phishing differ by target — executives versus specific individuals generally.

What should you do with this information next?

Our CompTIA Security+ study guide covers all five SY0-701 domains. Available at securitypluscertprep.com/guide.

SimpuTech's Security+ AI tutor can build a personalized study plan. Try it at SimpuTech.com.