In social engineering, what term describes a technique used to mislead a victim into providing sensitive data?

The term that best describes a technique used to mislead a victim into providing sensitive data in social engineering is phishing. Phishing is a method where attackers impersonate legitimate entities, such as banks or reputable companies, typically through email or other communication channels, to trick individuals into sharing sensitive information like passwords, credit card numbers, or personal identification details.

Phishing exploits users' trust and emotions, often creating a sense of urgency or fear to prompt immediate action without thorough scrutiny. By mimicking official communications, attackers can effectively deceive individuals into divulging personal information that they would otherwise keep confidential. This widespread tactic is a core aspect of social engineering, targeting users on a broad scale.

While other terms like spoofing, spear phishing, and scamming relate to deceptive tactics in cyber security, phishing specifically encapsulates the broader and more common scheme of mass deception aimed at extracting sensitive information from multiple individuals. Spear phishing, for instance, is a more targeted form of phishing directed at specific individuals or organizations, but the general technique of misleading victims falls under the more comprehensive category of phishing.