Security Beginner

What is Phishing?

A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.

Phishing attacks impersonate trusted entities (banks, colleagues, services) through email, SMS (smishing), or phone calls (vishing). They create urgency ("Your account will be closed!") and direct victims to fake websites or malicious attachments.

Protection includes email authentication (SPF, DKIM, DMARC), security awareness training, multi-factor authentication, URL inspection, and anti-phishing tools. Spear phishing targets specific individuals using personalized information.

Learn More About This Topic

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Ethical Hacking & Penetration Testing

Related reading

Related Terms

An authorization framework that allows third-party applications to access user resources without sharing passwords.

DAST (Dynamic Application Security Testing)

Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.

Security Hardening

The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.

Man-in-the-Middle Attack

An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly.

An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.

Supply Chain Attack

A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.

View All Security Terms →