
Phishing

A social engineering technique in which the attacker impersonates a trusted entity to steal credentials or personal data, or to trick the victim into performing a harmful action.

What is Phishing?

Phishing is the most commonly used social engineering technique in cyber-attacks. The attacker impersonates a trusted entity - a bank, service provider, colleague, government agency - and sends a fraudulent message (most commonly email) to steal login credentials, credit card data or personal information, or to trick the victim into executing malicious software.

Phishing takes various forms. Email phishing - mass-distributed messages to large groups of recipients. Smishing - phishing via SMS. Vishing - voice phishing over the phone. Clone phishing - duplicating a legitimate message with a replaced link or attachment. Quishing - phishing using QR codes. Business Email Compromise (BEC) - impersonating a CEO or CFO to authorise a wire transfer.

Modern phishing campaigns are increasingly difficult to distinguish from legitimate correspondence. Attackers use typosquatting domains, stolen SSL certificates, cloned login pages and data from previous breaches to personalise messages.
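As an added illustration of the typosquatting point (example code written for this page, not taken from any product), the sketch below shows how a mail filter might flag sender domains that imitate a trusted one. The allow-list, the look-alike character map, the function names and the sample headers are all constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list (assumption): domains this organisation really corresponds with.
TRUSTED = {"example-bank.com", "paypal.com", "microsoft.com"}

# Small, non-exhaustive map of look-alike characters (digits and Cyrillic letters).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a",
                             "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"})

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def skeleton(domain):
    """Fold accents and look-alike characters so visually similar names compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def classify(from_header, trusted=TRUSTED, max_distance=1):
    """Return (verdict, matched_trusted_domain) for the sender of a From header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    for t in sorted(trusted):
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    for t in sorted(trusted):
        if skeleton(domain) == skeleton(t):
            return ("homoglyph", t)
        if domain.startswith(t + ".") or "." + t + "." in domain:
            return ("brand-as-subdomain", t)
        if edit_distance(domain, t) <= max_distance:
            return ("typosquat", t)
    return ("unknown", None)

# Constructed sample headers, not taken from any real campaign.
SAMPLES = ["PayPal <service@paypal.com>", "PayPal <service@paypa1.com>",
           "Microsoft <no-reply@micorsoft.com>",
           "Bank <alerts@example-bank.com.account-verify.example>"]
if __name__ == "__main__":
    print([classify(h) for h in SAMPLES])
```

A verdict other than "trusted" is a signal for quarantine or a warning banner, not proof of phishing; the From header can also be forged outright, so this check complements SPF, DKIM and DMARC rather than replacing them.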

Why does it matter?

Phishing is the initial attack vector in over 80% of security incidents. Even advanced technical defences can be circumvented if an employee clicks a malicious link and provides their credentials. Effective defence requires a combination of technical measures (email filtering, MFA, EDR) and employee training with simulated phishing campaigns.
