Certiport CyberSecurity Certification Practice Exam

The correct answer is spear phishing, which is a targeted attack aimed at a specific individual or organization. Unlike general phishing attacks that use broad and generic information to deceive many potential victims, spear phishing employs personalized information that makes the communication appear more legitimate and credible. This can include the use of the target's name, job title, or references to specific projects or relationships.

By utilizing this tailored approach, attackers increase the likelihood of the target taking the bait, such as clicking on a malicious link or disclosing sensitive information. The effectiveness of spear phishing lies in its ability to exploit trust and the personal nature of the communication, making it a dangerous form of cyber threat.

In contrast, other forms of phishing—such as vishing (voice phishing) and smishing (SMS phishing)—may use different mediums or tactics, but they do not specifically focus on the individualization that spear phishing does.