Phishing

Phishing is a fraudulent attack that steals sensitive data through fake messages, emails, or websites. It is a common entry point for corporate breaches.

What is phishing?

Phishing is a deceptive technique used by attackers to trick individuals into voluntarily revealing sensitive information—such as login credentials, credit card numbers, or access to internal systems. This is usually done via email, SMS, or social media messages that appear to come from trusted sources like banks, colleagues, or official institutions.

How does phishing appear in practice?

Common phishing scenarios include:

  • Fake bank email prompting a password change; the link leads to a fraudulent site.
  • Message from "IT support" asking you to verify a company account.
  • Email with an attachment posing as an invoice or contract that actually delivers malware.
  • Social media message from "a friend" containing a malicious link to a fake site.
  • Voice phishing (vishing): a phone call from someone posing as a banker or tech support agent.

In all cases, the attack exploits human trust through manipulation. Rather than breaching systems, attackers go through people.

How is phishing different from related terms?

  • Phishing vs. spear phishing
    • Phishing is broad and generic.
    • Spear phishing targets a specific person or company.
  • Phishing vs. malware
    • Phishing is a social engineering technique.
    • Malware is malicious code — phishing can serve as a tool to spread it.

Why this distinction matters:
Phishing is often the first step in a broader cyberattack, such as a ransomware deployment: the stolen credential or the opened attachment provides initial access, and everything after it is a conventional intrusion. Many organizations focus on technical controls, but phishing exploits the human element, often the weakest link in security.

How to detect or prevent phishing

Recommended steps:

  1. Train employees to recognize phishing and respond appropriately.
  2. Conduct phishing simulations to test and improve awareness.
  3. Implement technical protections: email authentication (SPF, DKIM and DMARC with an enforcing policy), anti-phishing filters with link and attachment scanning, and multi-factor authentication. Prefer phishing-resistant MFA (FIDO2/WebAuthn): one-time codes and push approvals can still be relayed through a real-time proxy site or worn down by repeated prompts.
  4. Simplify incident reporting so that staff can flag suspicious messages with one click, and treat every report as a chance to find the other recipients of the same campaign.
  5. Regularly review and update response procedures and awareness materials.
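
The fake-bank link in the scenarios above and the "anti-phishing filters" in step 3 both come down to spotting a handful of indicators in a message: a visible URL that disagrees with its real destination, a trusted name wrapped inside a stranger's domain, a Reply-To that steers answers elsewhere, a display name borrowing a brand, and pressure language in the subject. The following added example (not code from the original page) scores a raw RFC 5322 message against those indicators using only the Python standard library. The trusted-domain list, the urgency words, the finding codes and both sample messages are constructed for illustration. It is a triage heuristic rather than a mail filter: the eTLD+1 logic is deliberately crude (a real deployment should use the Public Suffix List), the anchor regex only handles double-quoted hrefs, and the actual controls remain DMARC enforcement and phishing-resistant MFA.

```python
"""Heuristic phishing-indicator checks on raw RFC 5322 messages (stdlib only).
Added example, not code from the original page; TRUSTED_DOMAINS, URGENCY_WORDS,
the finding codes and both sample messages are constructed for illustration."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"bank.example", "corp.example"}  # hypothetical own/partner domains
URGENCY_WORDS = ("urgent", "verify", "suspended", "immediately", "password")
# Crude anchor extraction (double-quoted href only); use an HTML parser for real mail.
ANCHOR_RE = re.compile(r'<a\b[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def registered_domain(host):
    """Crude eTLD+1 (last two labels); a real deployment should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def hostname_in_text(text):
    """Hostname the anchor text visually presents, or '' for plain words like 'Click here'."""
    if not re.search(r"\w\.\w", text):
        return ""
    first = text.split()[0]
    return host_of(first if "://" in first else "http://" + first)


def analyze(raw_message):
    """Return sorted indicator codes found in the message; [] means nothing flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = set()
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()

    # Reply-To steers answers to a domain the From header does not own.
    if reply_domain and registered_domain(reply_domain) != registered_domain(from_domain):
        findings.add("reply-to-mismatch")
    # Display name borrows a trusted brand that the sending domain does not back.
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in from_name.lower() and registered_domain(from_domain) != trusted:
            findings.add("display-name-impersonation")
    if any(word in msg.get("Subject", "").lower() for word in URGENCY_WORDS):
        findings.add("urgency-subject")

    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        for href, inner in ANCHOR_RE.findall(html_part.get_content()):
            text = re.sub(r"<[^>]+>", "", inner).strip()  # drop nested tags from anchor text
            href_host, shown_host = host_of(href), hostname_in_text(text)
            # Visible URL and real destination disagree (the classic fake-bank link).
            if shown_host and registered_domain(shown_host) != registered_domain(href_host):
                findings.add("link-text-mismatch")
            # Trusted name used as a leading label or hyphenated lookalike
            # (bank.example.verify-login.net, bank-example-secure.net).
            for trusted in TRUSTED_DOMAINS:
                lookalike = href_host.startswith(trusted + ".") or trusted.replace(".", "-") in href_host
                if lookalike and registered_domain(href_host) != trusted:
                    findings.add("lookalike-host")
            if any(label.startswith("xn--") for label in href_host.split(".")):
                findings.add("punycode-host")  # IDN label: possible homoglyph domain
    return sorted(findings)


# Constructed sample messages, not real mail.
PHISH = """\
From: "Bank Example Security" <alerts@mail-notify.example.net>
Reply-To: support@bank-example-help.net
To: employee@corp.example
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account has been suspended. Sign in to restore access:</p>
<a href="https://bank.example.verify-login.net/session">https://bank.example/login</a>
</body></html>
"""
LEGIT = """\
From: "IT Helpdesk" <helpdesk@corp.example>
To: employee@corp.example
Subject: Maintenance window on Saturday
Content-Type: text/html; charset="utf-8"

<html><body><p>The VPN will be unavailable 02:00-04:00 UTC. Details:</p>
<a href="https://intranet.corp.example/maintenance">intranet.corp.example/maintenance</a>
</body></html>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, analyze(raw) or ["no indicators"])
```

Run against the two samples, the fake-bank message trips five indicators and the helpdesk notice trips none. Each check is cheap and explainable, which is what matters when a reviewer has to justify why a message was quarantined; the obvious next step in a real pipeline is to feed the same findings into the reporting flow from step 4 so that one flagged message surfaces every other mailbox that received the same campaign.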
Why It Matters
Phishing is cheap, effective, and extremely common. Attackers don’t need to “break in” if a trusting employee hands over access. That’s why phishing remains one of the top causes of corporate security incidents. Awareness, vigilance, and layered defenses are essential.