Which attack method uses deceptive websites to capture personal credentials?

Phishing is a cyberattack method that employs deceptive websites or communications to trick individuals into providing personal credentials, such as usernames and passwords. This method often involves sending emails that appear legitimate, containing links to fake websites that closely mimic real ones, like banking or social media sites. Once users enter their credentials on these fraudulent sites, attackers can capture this sensitive information.

Phishing typically targets a wide audience, making it a common and widespread threat. Users may not initially realize they are interacting with a fraudulent source, leading them to divulge their information unknowingly.

In contrast, while identity theft can involve the theft of personal information, it does not specifically denote the use of deceptive websites, focusing more on the unauthorized usage of someone else's identity. Whaling is a more targeted form of phishing aimed at high-profile individuals, such as executives, but relies on similar deceptive tactics. Pharming differs from phishing in that it redirects users from legitimate websites to fraudulent ones without their knowledge, often through technical means like DNS spoofing, rather than using deceptive communications to lure users.