During a penetration test, you are tasked with crafting a phishing campaign to test the organization's resilience to social engineering efforts. Using the Social Engineering Toolkit, which of the following would be the BEST approach to emulate a realistic spear-phishing attack?
Clone a known trusted site and slightly modify it to collect user credentials.
Replicate an exact copy of their public website to confuse employees.
Modify the organization's public website to redirect to your malicious site.
Send out generic business-related documents that contain no organization-specific information.