Which of the following is a common tactic used in phishing attacks?

Sending fraudulent emails to obtain sensitive information is a widely recognized tactic in phishing attacks. This method exploits social engineering techniques to manipulate individuals into divulging personal data, such as usernames, passwords, or financial details. Phishing emails often appear to come from reputable sources, which increases the likelihood of the recipient falling for the scam. The objective is to create a sense of urgency or authenticity, prompting victims to act quickly without verifying the legitimacy of the request.

In contrast, other options such as providing user guides, encouraging software updates, and offering free subscription services can be legitimate activities not inherently associated with phishing; they may risk misleading individuals but do not directly correspond to the typical modus operandi employed by phishers. Thus, the tactic of sending fraudulent emails explicitly aimed at extracting sensitive information makes this answer the most fitting in the context of phishing attacks.