Cybersecurity

Phishing

Definition

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

Why It Matters

Phishing is one of the most common and effective attack vectors because it exploits human psychology rather than just technical vulnerabilities. It is the primary method for initial access in many major security breaches.

Contextual Example

An employee receives an email that looks like it's from their bank, asking them to "verify their account details" by clicking a link. The link leads to a fake website that looks identical to the real bank's site, designed to steal their password.

Common Misunderstandings

  • "Spear phishing" is a more targeted version of phishing that is directed at a specific individual or organization.
  • The best defense is user education and skepticism towards unsolicited requests for information.

Last Updated: December 18, 2025