From CISO Marketplace (the hub for security professionals)

Phishing

Data Protection

Definition

A cybercrime in which targets are contacted by email, phone or text message by someone posing as a legitimate institution.

Technical Details

Phishing is a form of cybercrime that involves fraudulent attempts to obtain sensitive information such as usernames, passwords, credit card numbers, and other personal data by masquerading as a trustworthy entity in electronic communications. This is typically performed through emails, text messages, or phone calls. Phishing attacks often employ social engineering tactics to induce fear, urgency, or curiosity to trick victims into clicking malicious links or providing confidential information. Techniques used in phishing include email spoofing, domain spoofing, and the use of fake websites that imitate legitimate ones to harvest user credentials.

Practical Usage

Phishing is used predominantly as a means to compromise user accounts and gain unauthorized access to sensitive data. Organizations implement anti-phishing measures such as employee training, email filtering, and multi-factor authentication to reduce the risk of a successful attack. Cybersecurity awareness programs additionally aim to teach users to recognize phishing attempts and report them. Real-world applications include deploying DMARC (Domain-based Message Authentication, Reporting & Conformance) to protect against email spoofing, and using security software that identifies and blocks phishing attempts.
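To make the DMARC point concrete, the following is an added example (not code from the glossary or from CISO Marketplace) of how a receiving mail system decides whether a message passes DMARC: it parses the sender domain's published DMARC policy record, checks whether the SPF-authenticated domain or the DKIM signing domain is aligned with the visible From domain, and returns the disposition the policy asks for when neither aligns. The authentication results and the DMARC record are constructed sample values; organizational-domain matching is simplified to the last two labels, whereas a production implementation would consult the Public Suffix List.

```python
"""Minimal DMARC alignment evaluator (added example; inputs are constructed)."""
from dataclasses import dataclass


@dataclass
class AuthResult:
    """SPF and DKIM results a receiver has already computed for one message."""
    mail_from_domain: str   # domain from the SMTP MAIL FROM (SPF identity)
    spf_result: str         # "pass", "fail", "none", ...
    dkim_domain: str        # d= tag of the DKIM signature, "" if unsigned
    dkim_result: str        # "pass", "fail", "none", ...


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    if not record.strip().lower().startswith("v=dmarc1"):
        raise ValueError("not a DMARC record")
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if "p" not in tags:
        raise ValueError("DMARC record missing required p= tag")
    # Alignment modes default to relaxed when the record does not specify them.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Simplification (assumption): organizational domain = last two labels."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict mode ('s') needs an exact match; relaxed ('r') accepts subdomains."""
    if not auth_domain:
        return False
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    if mode == "s":
        return f == a
    return org_domain(f) == org_domain(a)


def evaluate(from_domain: str, record: str, auth: AuthResult) -> dict:
    """Return the DMARC verdict and the disposition the domain owner requested."""
    tags = parse_dmarc(record)
    spf_ok = auth.spf_result == "pass" and aligned(
        from_domain, auth.mail_from_domain, tags["aspf"])
    dkim_ok = auth.dkim_result == "pass" and aligned(
        from_domain, auth.dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "disposition": "none"}
    return {"dmarc": "fail", "disposition": tags["p"]}


if __name__ == "__main__":
    # Constructed policy for the impersonated brand's domain.
    policy = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"
    # A spoofed message: SPF and DKIM both pass, but for the attacker's own domain.
    spoofed = AuthResult("bulk-sender.test", "pass", "bulk-sender.test", "pass")
    print("spoofed:", evaluate("example.com", policy, spoofed))
    # A legitimate message signed by the brand itself.
    legit = AuthResult("mail.example.com", "pass", "example.com", "pass")
    print("legit:  ", evaluate("example.com", policy, legit))
```

The spoofed message is the case email filtering relies on DMARC for: SPF and DKIM can both pass for a domain the attacker controls, and only the alignment check against the From domain exposes the mismatch, after which the record's p=reject tells the receiver to discard it.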

Related Terms

Spear Phishing, Whaling, Vishing, Smishing, Social Engineering