Security Beginner

What is Phishing?

A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.

Phishing attacks impersonate trusted entities (banks, colleagues, services) through email, SMS (smishing), or phone calls (vishing). They create urgency ("Your account will be closed!") and direct victims to fake websites or malicious attachments.

Protection includes email authentication (SPF, DKIM, DMARC), security awareness training, multi-factor authentication, URL inspection, and anti-phishing tools. Spear phishing targets specific individuals using personalized information.

Learn More About This Topic

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Ethical Hacking & Penetration Testing

Related reading

Related Terms

Man-in-the-Middle Attack

An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.

PKI (Public Key Infrastructure)

A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.

RBAC (Role-Based Access Control)

An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.

WAF (Web Application Firewall)

A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.

An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.

Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.

View All Security Terms →