Sending mass emails to obtain personal information is incorrect.
Explanation :
BEC attacks specifically use impersonation of executives or trusted contacts to deceive recipients into making unauthorized transactions or disclosing sensitive information.