The correct answer is D. Smishing, which is a form of phishing attack conducted via SMS text messages. The key indicators in this scenario are the unexpected text message and the embedded link prompting the user to reset a password. These attacks rely on urgency and fear to trick users into clicking malicious links or providing credentials.
According to the Quentin Docter – CompTIA A+ Complete Study Guide, smishing attacks often impersonate legitimate organizations such as banks, IT departments, or service providers. The attacker claims that an account action is required, such as resetting an expired password, to prompt immediate user response.
The Travis Everett & Andrew Hutz – All-in-One Exam Guide explains that smishing is distinct from other phishing variants based on delivery method. Vishing uses voice calls, spear phishing targets specific individuals via email, and whaling targets high-level executives. Since this attack is delivered via text message, it is classified as smishing.
The Mike Meyers / Mark Soper Lab Manual reinforces that modern attackers increasingly use SMS because users often trust text messages more than emails. This makes smishing a highly effective and common attack vector.
Because the attack uses SMS with a malicious link, smishing is the correct answer.
