What type of attack does a Bait and Switch tactic fall under?

Bait and Switch is categorized as a social engineering attack because it manipulates individuals into acting on false pretenses. The tactic typically involves enticing a target with a promised reward or inducement—often something appealing or valuable—only to then substitute that promise with something less favorable or harmful once the target has engaged or clicked on the bait. This form of deception relies on psychological manipulation, exploiting the target's trust and curiosity.

Social engineering attacks, like Bait and Switch, fundamentally exploit human psychology rather than technical vulnerabilities. They hinge on the idea of deception, often leveraging social interactions and communication to achieve their aims. The effectiveness of such tactics lies in their ability to lead a person to make poor decisions, undermining the security of the individual or organization.

In contrast, other choices, such as physical security breaches, focus more on unauthorized access to physical locations, while network intrusions generally involve unauthorized access to a system or network through technical means. Malware distribution involves introducing malicious software into a system, typically to compromise security or data integrity. Each of these options lacks the direct manipulation of human behavior that is characteristic of social engineering attacks, making the classification of Bait and Switch as a social engineering tactic the most accurate.