What type of attack does phishing typically involve?

• A. Physical theft of hardware
• B. Compliance checks and audits
• C. Deceptive communication aimed at tricking users
• D. DDoS attacks to disrupt network service

Answer: (C)

Phishing typically involves deceptive communication aimed at tricking users into revealing sensitive information, such as usernames, passwords, or financial details. This form of attack often uses emails or instant messages that appear to come from credible sources, such as banks or online services. The goal is to manipulate users into clicking on a malicious link or providing personal information under false pretenses. Because phishing relies heavily on social engineering techniques, it exploits human behavior and trust rather than relying on technical vulnerabilities. Understanding this method is crucial for recognizing, preventing, and responding to such attacks in cybersecurity practices.