The CEO of the company you work for has been receiving emails that appear to be from the local IT department. The emails address her user account, and instruct her to click a link in order to verify her password. Which type of attack is this?