Advanced Placement (AP) Computer Science

What is phishing in the context of cybersecurity?

• A. Unauthorized access to a system through exploits
• B. Probing a network to gather information
• C. A method of tricking individuals into providing sensitive information
• D. A software designed to steal passwords

The correct answer is: A method of tricking individuals into providing sensitive information

Phishing is indeed a method of tricking individuals into providing sensitive information, such as passwords, credit card numbers, or personal identification details. It typically involves manipulating individuals through deceptive emails, messages, or websites that appear to be from legitimate sources. The goal of phishing is to lure the target into a false sense of security, prompting them to disclose valuable data or click on malicious links that may lead to further security breaches. This method relies heavily on social engineering tactics, which exploit human psychology rather than technical vulnerabilities in systems. In contrast, unauthorized access to a system through exploits pertains more to hacking techniques that take advantage of software flaws, while probing a network to gather information relates to reconnaissance strategies used by attackers to identify potential vulnerabilities without necessarily tricking individuals. Finally, a software designed to steal passwords refers to keyloggers or similar tools that operate through malware rather than the interactive and deceptive nature of phishing attempts. Thus, phishing remains a significant concern in the field of cybersecurity due to its reliance on manipulating human behavior rather than just technical means.