SANS Assessment of Student Learning Plan (ASLP) Security Awareness Training 2026 - Free Practice Questions and Study Guide

Gathering detailed information about the target is a common tactic used by cybercriminals during targeted attacks because it allows them to create highly personalized and convincing approaches that increase the likelihood of success. This process, often referred to as reconnaissance, involves collecting data from various sources, such as social media, company websites, and public records. By understanding the target's interests, behaviors, and vulnerabilities, attackers can craft tailored communications or exploit specific weaknesses in the target's defenses, making their attacks more effective.

In contrast, while randomly sending phishing emails, using known malware, and offering fake rewards can be part of cybercriminal strategies, they typically reflect broader approaches, rather than the focused and meticulous planning characteristic of targeted attacks. Random phishing emails often aim at a wide audience with variable success, while leveraging known malware might not require the same depth of research about the target. Similarly, fake rewards might lure individuals into traps, but they usually do not involve the same level of customization that results from thorough intelligence gathering on the target.