Which type of phishing attack typically aims to gather private information by creating a trusted scenario?

Spear phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific individual or organization, often for malicious reasons. Unlike broad phishing attacks that cast a wide net, spear phishing utilizes personal information about the target to create a tailored and trusted scenario. This level of customization can involve using details that are publicly available or obtained through social engineering, making the recipient more likely to be deceived and ultimately tricked into providing private information, such as logging into a fraudulent website that appears legitimate.

In contrast, pharming redirects users from legitimate websites to fraudulent ones without their knowledge, often exploiting vulnerabilities in DNS systems, rather than creating a personalized, trusted scenario. Whaling, on the other hand, refers to spear phishing attacks that specifically target high-profile individuals within an organization, such as executives, focusing on their sensitive information but still employing a similar method as spear phishing. Spam encompasses unsolicited bulk messages, which are not specifically aimed at gathering private information under a trusted scenario but are more about mass communication, often leading to general phishing attempts rather than individualized attacks.

Thus, spear phishing is the correct choice, as its method of utilizing trusted scenarios tailored to specific individuals or organizations effectively distinguishes it from other forms of phishing attacks.