True or False: Phishing is used legally by social engineers to gain sensitive information.

Phishing is a malicious practice where attackers masquerade as legitimate entities to deceive individuals into sharing sensitive information, such as passwords, credit card details, or personal identification. This tactic is considered illegal because it involves fraudulent actions that violate laws designed to protect individuals and their private information.

The legal framework surrounding phishing is built on principles of fraud and identity theft, which are universally recognized offenses in most jurisdictions. Any attempt to obtain sensitive information through deception is unethical and subject to legal penalties, regardless of the intent behind it. Thus, it is essential to view phishing not as a legitimate method of obtaining information but as a criminal activity that poses serious risks to individuals and organizations alike.

The other options suggest scenarios where phishing could be deemed acceptable or practiced legally, which contradicts the fundamental nature of phishing as a deceptive act intended to exploit victims.