What type of attack involves a fraudulent email that appears to come from a trusted colleague requesting sensitive financial information?

Ensure your readiness for the Threats, Vulnerabilities, and Mitigations Assessment (Domain 2.0) Test with our study resources. Utilize flashcards and multiple-choice questions, complete with hints and detailed explanations to ace your exam!

The scenario described aligns with business email compromise, which is a specific type of phishing attack focused primarily on business or corporate environments. In this case, the fraudulent email appears to come from a trusted colleague, which is a hallmark of business email compromise tactics. Attackers often impersonate a colleague or someone with authority within the organization to trick employees into divulging sensitive information, such as financial details, login credentials, or other confidential data.

Business email compromise attacks leverage social engineering techniques, exploiting the trust that employees have in each other within a workplace setting. This method can be particularly effective when attackers do their homework and make their messages appear legitimate or time-sensitive, thus increasing the likelihood that the recipient will comply with the request.

While phishing in general refers to any deceptive attempt to obtain sensitive information by masquerading as a trustworthy entity, business email compromise is a more refined form of phishing specifically targeting businesses and using employee dynamics to facilitate the attack. This context helps clarify why the answer is focused on business email compromise, differing from general phishing or the other types listed, which involve broader or different tactics.
