a user on your network receives an e-mail from the bank stating that there has been a security incident at the bank. the e-mail asks the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. what type of attack is this?