Phishing
A social engineering attack using deceptive emails or messages to steal credentials or deliver malware.
Full Definition
Phishing is a type of social engineering attack in which threat actors send fraudulent communications — typically emails — that appear to come from a trusted source to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware.

Phishing attacks vary in sophistication from mass-scale generic campaigns to highly targeted spear-phishing. Common objectives include credential harvesting (fake login pages), malware delivery (malicious attachments or links), and business email compromise. Modern phishing infrastructure includes adversary-in-the-middle (AiTM) proxies that can bypass MFA by capturing live session tokens.

Phishing remains the single most common initial access vector in data breaches worldwide. Employee data exposed in breaches — including job titles, company names, and manager relationships — is routinely used to craft more convincing and personalized phishing messages.
Related Terms
Spear Phishing
A targeted phishing attack customized with personal details to deceive a specific individual or organization.
Category: Attack Types
Business Email Compromise (BEC)
A social engineering attack that impersonates executives or vendors to authorize fraudulent transactions.
Category: Attack Types
Social Engineering
Psychological manipulation of people into performing actions or divulging confidential information.
Category: Attack Types
Credential Stuffing
Automated injection of stolen username/password pairs to gain unauthorized access to accounts.
Category: Attack Types