Phishing
Definition
Phishing is an attack technique in which criminals impersonate a trusted party to steal sensitive information such as passwords or payment details. It is delivered via email, SMS or fake websites.
In a phishing attack, adversaries send messages that appear to come from a trusted source, such as a bank, government body or colleague. The goal is to lure the recipient into clicking a malicious link, entering credentials or downloading malware.
Variants include spear phishing (targeting specific individuals), whaling (targeting executives) and smishing (via SMS). Phishing is responsible for a large proportion of all data breaches and ransomware infections worldwide.
Organisations defend against phishing through technical controls (email filters, multi-factor authentication) combined with security awareness training for employees.