Security Beginner

What is Phishing?

A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.

Phishing attacks impersonate trusted entities (banks, colleagues, services) through email, SMS (smishing), or phone calls (vishing). They create urgency ("Your account will be closed!") and direct victims to fake websites or malicious attachments.

Protection includes email authentication (SPF, DKIM, DMARC), security awareness training, multi-factor authentication, URL inspection, and anti-phishing tools. Spear phishing targets specific individuals using personalized information.

Learn More About This Topic

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Ethical Hacking & Penetration Testing

Related reading

Related Terms

CORS (Cross-Origin Resource Sharing)

A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.

RBAC (Role-Based Access Control)

An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.

Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.

Certificate Pinning

A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.

Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.

Vulnerability Scanning

Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.

View All Security Terms →