What type of social-engineering attack is conducted by creating a fake website to trick users into providing personal information?

Prepare for the CompTIA Security+ SY0-601 exam. Explore comprehensive flashcards and diverse multiple-choice questions with hints and explanations. Get exam-ready now!

The type of social-engineering attack described involves creating a fake website to deceive users into entering their personal information. This scenario is best characterized as a watering-hole attack. In this strategy, the attacker compromises a specific website that they know potential victims frequently visit. Once users are directed to this malicious website, they may unknowingly provide sensitive information such as login credentials, credit card numbers, or other personal details.

This method relies on understanding the target audience and their online habits, allowing attackers to establish a fraudulent but seemingly legitimate site that captures user data. The term "watering-hole" metaphorically compares the website to a watering hole where users gather, similar to how predators might wait at a known watering source to catch prey.

Typosquatting, on the other hand, relates to creating a fake website with a domain name that is a common misspelling of a legitimate site, which could also trick users but relies on typing errors rather than general deception. Information elicitation refers to techniques used to gather information from individuals, often in conversation, but does not imply the creation of a deceptive website. Impersonation typically involves an attacker pretending to be someone else to gain information or access, and does not involve the use of fake websites.
