Phishing

A social engineering attack that attempts to deceive individuals into revealing sensitive information or taking harmful actions through fraudulent communications.

Also known as: Email Fraud, Social Engineering

What is Phishing?

Phishing is a type of social engineering attack where attackers impersonate trusted entities to deceive victims into revealing sensitive information, clicking malicious links, or taking other harmful actions. It's one of the most common and effective attack vectors.

Types of Phishing

Email Phishing

  • Mass email campaigns
  • Generic targets
  • Spoofed senders

Spear Phishing

  • Targeted individuals
  • Personalized content
  • Research-based

Whaling

  • C-level executives
  • High-value targets
  • Sophisticated attacks

Smishing

  • SMS-based
  • Mobile targeting
  • Link shorteners

Vishing

  • Voice/phone calls
  • Impersonation
  • Urgency tactics

Common Tactics

Urgency: "Your account will be closed..."

Authority: impersonate the CEO, IT support, or the bank.

Fear: "Security breach detected..."

Curiosity: "You won't believe..."

Incentive: "Claim your prize..."

Red Flags

  • Unexpected requests
  • Urgency or threats
  • Suspicious links
  • Grammar/spelling errors
  • Generic greetings
  • Mismatched URLs (the link text or display name shows one address, the actual destination is another)

Defense Strategies

Technical

  • Email filtering
  • Anti-phishing tools
  • URL analysis
  • SPF, DKIM and DMARC (sender authentication; a DMARC p=reject policy stops direct spoofing of your own domains, but not lookalike domains)
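What DMARC adds on top of SPF and DKIM is alignment: the domain that SPF or DKIM actually verified must match the domain in the From header the user sees, otherwise a spoofed From passes simply because the attacker's own domain has valid SPF and DKIM. The following is an added example of that evaluation, not the page's or any MTA's code; the `AuthResults` structure, the sample messages and the `bank.example` / `attacker.example` domains are constructed placeholders, and `org_domain` uses the last two labels instead of a public-suffix list, which is a simplification.

```python
from dataclasses import dataclass


@dataclass
class AuthResults:
    """Per-message results a receiving mail server would have computed (constructed for the example)."""
    from_domain: str   # domain of the RFC5322.From header, the address the user sees
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # envelope (RFC5321.MailFrom) domain SPF was evaluated against
    dkim_result: str
    dkim_domain: str   # d= tag of the DKIM signature that was verified


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags with RFC defaults."""
    tags = {"adkim": "r", "aspf": "r", "p": "none"}   # relaxed alignment, monitor-only by default
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain):
    """Organizational domain, approximated as the last two labels (no public-suffix list; assumption)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(results, record):
    """Return (dmarc_result, action): action is the record's p= policy on fail, 'none' on pass."""
    tags = parse_dmarc_record(record)
    spf_ok = results.spf_result == "pass" and aligned(results.spf_domain, results.from_domain, tags["aspf"])
    dkim_ok = results.dkim_result == "pass" and aligned(results.dkim_domain, results.from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed cases. The spoof has *passing* SPF and DKIM, but for the attacker's domain,
# so neither identifier aligns with the From domain the victim sees.
SPOOFED = AuthResults("bank.example", "pass", "mail.attacker.example", "pass", "attacker.example")
# A legitimate bulk mailer: envelope domain is a subdomain of the From domain, DKIM absent.
LEGIT = AuthResults("bank.example", "pass", "bounce.bank.example", "none", "")
BANK_POLICY = "v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"

if __name__ == "__main__":
    print("spoofed:", evaluate_dmarc(SPOOFED, BANK_POLICY))
    print("legit:  ", evaluate_dmarc(LEGIT, BANK_POLICY))
```

Two caveats worth keeping in mind: the verdict depends entirely on the impersonated domain publishing p=quarantine or p=reject (p=none only reports), and none of this applies to a lookalike domain the attacker registers and authenticates legitimately, which is why URL analysis and user verification remain necessary.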

Human

  • Security awareness training
  • Phishing simulations
  • Reporting culture
  • Verification procedures

Response

  • Don't click links or open attachments
  • Report to security, even if you only clicked and entered nothing
  • Verify through a separate channel (a known phone number or bookmark, not contact details from the message)
  • Change passwords and revoke active sessions if credentials were entered