What is phishing?
Answer
Phishing is a social engineering attack that tricks users into revealing sensitive information (credentials, credit card numbers) or installing malware by impersonating a trusted entity.

Delivery channels: email (the most common, e.g., fake bank or IT notifications), SMS (smishing), voice calls (vishing), and malicious websites (typosquatting, e.g., g00gle.com).

Variants: Spear phishing is highly targeted at specific individuals and uses personal information about them. Whaling targets executives (CEO, CFO). Business Email Compromise (BEC) impersonates executives to get fraudulent wire transfers authorized.

Prevention: user training and awareness; email filtering and anti-phishing tools; email authentication (SPF, DKIM, DMARC) so that mail spoofing the organization's domain is rejected or flagged; MFA, which limits the damage even if credentials are stolen; and hardware security keys, a phishing-resistant form of MFA because the credential is bound to the legitimate site's origin and cannot be replayed to a look-alike domain.