Phishing

Social engineering by email to trick recipients into revealing credentials or running malware.

Phishing is social engineering by email to harvest credentials or deliver malware, and it remains one of the most common initial-access vectors for breaches. Know the variants: spear phishing targets a specific individual with tailored detail, whaling targets executives, and business email compromise (BEC) impersonates a trusted party to authorize payments. Layered defenses — email filtering, user training, and especially phishing-resistant MFA (FIDO2) — neutralize most credential-harvesting attempts even when a user is fooled.

Related terms

Back to Threats, Vulnerabilities, and Mitigations