What is phishing?
Phishing is a type of social engineering attack in which an attacker sends fraudulent emails, text messages, or other electronic communication to individuals, attempting to trick them into revealing sensitive information, such as login credentials, financial information, or personal details.
Phishing attacks are typically designed to look like they come from a legitimate source, such as a bank, a social media site, or an online retailer, and may use a variety of tactics to convince the victim to provide the requested information. These tactics can include urgent or threatening language, promises of rewards or bonuses, or requests for personal information to verify an account or complete a password reset.
Phishing attacks can be particularly effective because they often use social engineering techniques that exploit human vulnerabilities and emotions, such as fear, urgency, or curiosity. Successful phishing attacks can result in compromised accounts, identity theft, financial loss, and other negative consequences.
To protect against phishing attacks, individuals should be cautious when responding to unsolicited requests for information and should always verify the legitimacy of the request through independent means, such as calling the organization directly or visiting its official website. Additionally, individuals should avoid clicking on links or downloading attachments from unknown or suspicious sources and should keep their operating systems and security software up to date to help prevent malware infections that may be delivered via phishing emails.