Phishing is type of attack in computer field that is processed to hack or steal the data of authorized user.The attacker acts as trusted party and then interacts with the authorized user through email or messages to gain confidential information like pin code, credit card number, login details etc of that user.
According to the question, colleague is experiencing phishing as he has been requested for pin-code and credit-card number from a wrong source behaving as authorized bank.
Other options are incorrect because ransomware is attack that asks for ransom from authorized user for reviving their access. on system. Spoofing is falsifying as some other party to receive advantage.
Mail poisoning is inclusion of inappropriate details in email such as invalid email address etc.
Everyone these days can publish on various platforms, from social medias to blogs and numerous other ways. While it's great to have a bigger variety of sources of information, it's also getting harder and harder to identify the real provider of the information and its source.
Before, you had reputable content distributors (like newspapers), with professionally formed journalists to verify the information before publishing it. Yes, the information took longer time to get to the population, but it was verified. These days, everything can appear live on the medias, and sometimes it's hard to distinguish what is real from what is fake.