Define phishing and why it threatens DoD information security.

Phishing is a social engineering tactic that tricks people into revealing usernames, passwords, or other sensitive information, or into clicking links that install malware. This matters for DoD information security because stolen credentials can give unauthorized access to networks and systems, enabling data exfiltration, malware deployment, or lateral movement within trusted environments. Attackers often target the human element—through broad phishing emails or more targeted spear-phishing—so defenses must combine awareness training, robust email filtering, and technical controls like multifactor authentication and least-privilege access. Quick reporting of suspicious messages and verified contact checks for unusual requests are also essential. The other options describe activities unrelated to deception or credential theft, so they don’t capture what phishing does.