What type of social engineering attack was Jen a victim of when receiving an email from a look-alike account?

The scenario describes a situation where Jen received an email from a look-alike account, which suggests that the attack involved impersonation of a legitimate source to deceive the recipient into taking specific actions or providing sensitive information. This is characteristic of a business email compromise attack, which typically involves attackers posing as a trusted entity, often a company executive or partner, to manipulate employees into transferring funds or revealing confidential information.

In this case, the impersonation of a legitimate email source aligns with the strategies used in business email compromise, where the intent is usually to execute financial fraud or data theft. This distinguishes it from general phishing attacks, which can target a wider audience without the specific ties to a business relationship that characterize business email compromise.

Spear phishing also involves targeted attacks but usually focuses on specific individuals or organizations using personalized information. However, considering the description of a look-alike account, business email compromise more accurately captures the essence of the attack, as it emphasizes deception for financial gain or business advantage. Pretexting involves creating a fabricated scenario to obtain information, but it does not typically rely on email impersonation as the primary method of attack.