Which of the following is a common type of social engineering attack?

Phishing is a common type of social engineering attack in which an attacker attempts to deceive individuals into divulging confidential information, such as usernames, passwords, or credit card details. This is typically accomplished through seemingly legitimate communications, often sent via email, that can mimic trusted entities to entice recipients to click on malicious links or provide sensitive information.

Phishing takes advantage of human psychology by creating a sense of urgency or fear, which can lead individuals to act quickly without critically evaluating the situation. Understanding the mechanisms of phishing is crucial for developing effective defenses against it, as it emphasizes the importance of user awareness and education in data security practices.

Other options listed, such as brute force attacks, SQL injection, and XSS attacks, primarily exploit technical vulnerabilities rather than manipulating human behavior and trust, which is the hallmark of social engineering attacks.