What is Phishing?
A social-engineering attack that tricks people into revealing credentials or installing malware through fraudulent emails, websites, or messages.
Phishing impersonates a trusted brand or person to manipulate the victim into clicking a malicious link, entering a password on a fake login page, or opening a weaponized attachment. It is the most common initial-access vector in real-world breaches.
Variants include spear phishing (targeted at a specific person), whaling (targeting executives), smishing (SMS), and vishing (voice). Modern kits proxy the real login page to steal session cookies and bypass MFA.
Use phishing-resistant MFA (FIDO2/passkeys), train users to verify sender domains, and scan suspicious links before clicking.
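"Train users to verify sender domains" is easier to apply when a mail filter does the first pass. The following added example (not from the Ciphers glossary) classifies a `From:` header against a constructed allow-list, flagging punycode labels, one-character typosquats, and a trusted name used as a prefix of some other registrable domain. The allow-list, sample addresses and the naive last-two-labels rule for the registrable domain are assumptions for illustration; production code should use a public-suffix list.

```python
"""Sender-domain check that flags mail whose From: domain merely resembles a trusted one.
Added example, not code from the original glossary page; the allow-list and samples are constructed."""
from email.utils import parseaddr

# Constructed allow-list for the example (assumption: your org maintains its own).
TRUSTED_DOMAINS = {"example.com", "bank.example"}


def registrable_domain(host: str) -> str:
    """Naive 'registrable' part: the last two labels.
    Assumption for this example; real code should use a public-suffix list,
    since this rule mishandles multi-part suffixes such as co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches single-character typosquats (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'punycode', 'lookalike' or 'unknown' for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"  # malformed or display-name-only header
    host = addr.rsplit("@", 1)[1].lower()
    reg = registrable_domain(host)
    if host in trusted or reg in trusted:
        return "trusted"  # exact match or a subdomain of a trusted domain
    # Punycode labels (xn--) can render as homoglyphs of a trusted brand; treat as suspicious.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"
    for t in trusted:
        # A trusted name used as a prefix of a different registrable domain
        # (e.g. example.com.attacker.test), or a one-character typosquat of it.
        if host.startswith(t + ".") and reg != t:
            return "lookalike"
        if edit_distance(reg, t) == 1:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sample in ("Alice <alice@example.com>", "it@mail.example.com",
                   "x@examp1e.com", "x@example.com.attacker.test",
                   "x@xn--exmple-cua.com", "x@unrelated.test"):
        print(f"{sample:40} -> {classify_sender(sample)}")
```

Only `trusted` should pass straight through; `lookalike` and `punycode` are the cases to quarantine or label for the user, and `unknown` simply means the allow-list has nothing to say, which is not the same as safe.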
Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.