Which of the following is not a characteristic of phishing attacks?

Phishing attacks are primarily characterized by their use of deceptive emails to trick individuals into divulging sensitive information, such as login credentials or financial details. These attacks often aim at a broad audience or may target specific individuals, such as high-profile targets in a technique known as spear-phishing, but the core tactic revolves around manipulation and deceit rather than direct financial gain.

Immediate financial gain typically does not encapsulate all phishing incidents, as many are designed for gathering information for future exploitation or situational manipulation, rather than instant monetary transactions or losses. This distinguishes phishing from other cybercrime tactics that may focus explicitly on immediate financial theft, hence it is not considered a defining characteristic of phishing.

On the other hand, malware installation can sometimes be a component of phishing schemes when victims are tricked into downloading harmful software, but it is not a universal element of all phishing attacks. The primary focus of phishing attacks is the extraction of sensitive data through deceptive means, which does not inherently involve immediate monetary gain.