Phishing
Phishing is a type of social engineering attack where malicious actors attempt to trick individuals into revealing sensitive information, such as private keys or login credentials, by disguising themselves as a trustworthy entity.
Phishing is a type of cyberattack that employs social engineering tactics to deceive individuals into divulging sensitive information or performing actions that compromise their security. Attackers typically impersonate legitimate entities, such as banks, social media platforms, government agencies, or well-known companies, through deceptive emails, websites, text messages (smishing), or voice calls (vishing). The goal is to get the victim to click a malicious link, open an infected attachment, or hand over login credentials, credit card numbers, social security numbers, or private keys. These attacks usually create a sense of urgency or fear so that the victim acts before checking. For example, a phishing email might claim an account has been compromised and must be verified immediately by clicking a link that leads to a fake login page; once credentials are submitted, the attacker uses them against the real service. More targeted variants are spear-phishing (tailored to a specific person or organization) and whaling (aimed at executives or other high-profile individuals). Defending against phishing requires a combination of technical measures (email authentication and filtering, anti-malware, blocking of known malicious domains) and user education focused on recognizing suspicious communication patterns and verifying requests through an independent channel, such as a phone number already on file rather than one supplied in the message.
graph LR
Center["Phishing"]:::main
Pre_cryptography["cryptography"]:::pre --> Center
click Pre_cryptography "/terms/cryptography"
Rel_data_breaches["data-breaches"]:::related -.-> Center
click Rel_data_breaches "/terms/data-breaches"
Rel_encryption["encryption"]:::related -.-> Center
click Rel_encryption "/terms/encryption"
Rel_cryptography["cryptography"]:::related -.-> Center
click Rel_cryptography "/terms/cryptography"
classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
linkStyle default stroke:#4b5563,stroke-width:2px;
🧒 Explain Like I'm 5
It's like a fisherman throwing a hook with bait. The attacker sends a fake email that looks real (like from a bank) to 'hook' you into giving away your password.
🤓 Expert Deep Dive
Phishing attacks exploit human psychology, specifically cognitive biases such as authority bias, scarcity bias, and confirmation bias, to bypass technical security controls. The effectiveness of phishing hinges on the attacker's ability to craft a convincing narrative that exploits trust and urgency. From a technical standpoint, phishing vectors leverage weaknesses in email protocols (SMTP does not authenticate the From header, so sender addresses can be spoofed unless the receiving domain enforces SPF, DKIM and DMARC), in web technologies (look-alike domains built by typosquatting or homoglyphs, a trusted name nested inside an attacker-controlled hostname, open redirects), and in other communication platforms. The payload ranges from credential harvesting via fake login portals, increasingly fronted by a reverse proxy that relays one-time codes and session cookies to the real site in real time, to malware delivery through malicious attachments or links. Advanced Persistent Threats (APTs) frequently use spear-phishing as an initial access vector. Mitigation is multi-layered: enforced email authentication and filtering, endpoint security, phishing-resistant authentication such as FIDO2/WebAuthn (the credential is bound to the origin, so it cannot be replayed from a look-alike domain), and continuous user awareness training that emphasizes critical evaluation of unsolicited communications, verification of sender identity through out-of-band channels, and familiarity with common social engineering tactics. AI-generated phishing content, which removes the spelling and grammar mistakes users were taught to look for, makes the technical controls more important, not less.
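As an added illustration (example code written for this page, not taken from the original text or any vendor product), the following Python script shows what the technical checks described above look like when automated. It reads the Authentication-Results header that a receiving mail server adds (RFC 8601) for the SPF/DKIM/DMARC verdicts, checks that the From, Return-Path and Reply-To domains agree, flags look-alike or nested hostnames in links against a trusted allow-list, and notes pressure language. The allow-list, the urgency word list and the sample message are constructed assumptions; the script performs no DNS lookups of its own and the "last two labels" view of a registrable domain is a deliberate simplification.

```python
"""Phishing indicator checks over a raw email (added example, not from the page).

Assumptions (constructed for illustration): TRUSTED_DOMAINS is the organization's
own allow-list and SAMPLE is a made-up lure. SPF/DKIM/DMARC verdicts are read from
the Authentication-Results header a receiving MTA adds (RFC 8601); nothing here
queries DNS.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-bank.com"}  # assumed allow-list
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "locked", "suspended")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquats (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address) -> str:
    """Lower-cased domain part of an RFC 5322 address header, '' if absent."""
    _, addr = parseaddr(str(address or ""))
    return addr.rpartition("@")[2].lower()


def registered_domain(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain."""
    return ".".join(host.lower().split(".")[-2:])


def host_indicators(host: str) -> list:
    """Look-alike checks for one hostname against the trusted allow-list."""
    host = host.lower()
    found = []
    if any(ord(c) > 127 for c in host) or "xn--" in host:
        found.append(f"non-ASCII/punycode host {host!r} (possible homoglyph)")
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            continue  # genuinely under the trusted domain
        if trusted in host:  # e.g. example-bank.com.verify-login.net
            found.append(f"trusted name {trusted!r} embedded in untrusted host {host!r}")
        elif edit_distance(registered_domain(host), trusted) <= 2:
            found.append(f"look-alike domain {host!r} near {trusted!r}")
    return found


def parse_auth_results(msg) -> dict:
    """Pull spf/dkim/dmarc verdicts out of Authentication-Results (RFC 8601)."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1): m.group(2) for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header)}


def phishing_indicators(raw_message: str) -> list:
    """Return the indicators found; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    indicators = []

    # 1. Sender authentication: anything other than 'pass' means the From header
    #    could not be tied to the sending infrastructure.
    for mech, verdict in parse_auth_results(msg).items():
        if verdict != "pass":
            indicators.append(f"{mech}={verdict}")

    # 2. Header alignment: From, envelope sender and Reply-To should agree.
    from_dom = domain_of(msg.get("From"))
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(name))
        if other and other != from_dom:
            indicators.append(f"{name} domain {other!r} differs from From domain {from_dom!r}")
            indicators.extend(host_indicators(other))

    # 3. Links: look-alike or nested hostnames in the body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in URL_RE.findall(text):
        indicators.extend(host_indicators(urlparse(url).hostname or ""))

    # 4. Pressure language: urgency is the social-engineering lever.
    lowered = (str(msg.get("Subject", "")) + " " + text).lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        indicators.append("urgency language: " + ", ".join(hits))
    return indicators


# Constructed sample: spoofed "account locked" lure with a nested look-alike link.
SAMPLE = """\
Return-Path: <alerts@secure-mail-relay.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=secure-mail-relay.net; dkim=none; dmarc=fail header.from=example-bank.com
From: Example Bank Security <security@example-bank.com>
Reply-To: support@examp1e-bank.com
To: victim@example.com
Subject: URGENT: your account has been locked
Content-Type: text/plain; charset=utf-8

We detected unusual activity. Verify within 24 hours or access stays suspended:
https://example-bank.com.verify-login.net/session
"""

if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE):
        print("-", line)
```

Run against the constructed sample it reports the failed SPF/DMARC verdicts, the Return-Path and Reply-To mismatches, the one-character typosquat `examp1e-bank.com`, the trusted name nested inside `verify-login.net`, and the urgency phrasing; a mail from the real domain that passes authentication and links under `example-bank.com` produces no indicators. In production the same logic would sit behind a DMARC policy of `reject` and a real public-suffix list rather than the two-label approximation used here.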