CompTIA ITF+ Practice Test 2025 – 400 Free Practice Questions to Pass the Exam

Phishing is a malicious technique used by cybercriminals to acquire sensitive information, such as usernames, passwords, credit card numbers, or other personal data, by pretending to be a trustworthy entity. This deceptive practice typically occurs through email, websites, or other online communication methods, where attackers create a guise of legitimacy to entice users into providing their personal information.

In contrast, the other options describe different concepts that do not relate to phishing. A legitimate means of sending secure messages refers to secure communication methods that protect the confidentiality of the messages being sent. Antivirus software is designed to detect, prevent, and remove malware from a computer system, which is not related to the act of deception intrinsic to phishing. Archival data storage tools are utilized for preserving and storing data long-term, and they don’t involve the acquisition of sensitive information through deceitful practices. Thus, the definition of phishing as an attempt to acquire sensitive information by masquerading as a trustworthy entity is accurate and aligns with its common understanding in cybersecurity.