Which of the following is a common characteristic of phishing attacks?

Phishing attacks are characterized by their ability to impersonate legitimate sources in order to deceive individuals into providing sensitive information, such as usernames, passwords, or financial data. A key aspect of these attacks is the capability for customization, allowing attackers to tailor their messages to specific individuals or groups. This customization often involves using personal information gleaned from social media or other online sources to make the communication appear more authentic and appealing to the intended target.

By leveraging relevant details to align with the target's interests or circumstances, attackers enhance the likelihood of success in obtaining sensitive information. This personalization distinguishes phishing attacks, making them more effective compared to generic spam or mass email attempts.

In contrast, the other options do not align with the essence of phishing attacks. They are not legally sanctioned communications, they do not require extensive technical knowledge (as many phishing attacks can be executed with minimum skill), and they do not always originate from government agencies but rather from various malicious actors seeking to exploit individuals.