


What is Phishing?

A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.

Phishing attacks impersonate trusted entities (banks, colleagues, online services) over email, SMS (smishing) or phone calls (vishing). They manufacture urgency ("Your account will be closed!") to rush the victim into clicking a link to a look-alike site that harvests credentials, or into opening a malicious attachment. Spear phishing targets specific individuals or roles with personalized content gathered about them beforehand, which makes it much harder to spot than a mass mailing.

Protection is layered. Email authentication (SPF, DKIM and DMARC) lets receiving mail servers reject or quarantine messages that forge a protected sender domain; note that it only stops direct spoofing of that domain, so a registered look-alike domain with its own valid SPF and DKIM records passes all three checks. Security awareness training teaches people to question urgency and verify requests out of band. Multi-factor authentication limits the damage when a password is captured, although one-time codes can still be relayed by a proxying phishing site, so phishing-resistant methods such as FIDO2 security keys are preferred. URL inspection checks where a link actually leads rather than what its text displays, and anti-phishing tools filter known lures at the mail gateway and in the browser.

Related Terms

OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by OWASP (the Open Worldwide Application Security Project, formerly the Open Web Application Security Project).
Certificate Pinning
A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.
Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.
Content Security Policy (CSP)
An HTTP security header that controls which resources a browser is allowed to load for a web page, mitigating XSS and data injection attacks.
Principle of Least Privilege
A security principle where users and programs receive only the minimum access rights needed to perform their specific tasks.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.