[{"data":1,"prerenderedAt":318},["ShallowReactive",2],{"blog-glossary/phishing":3},{"id":4,"title":5,"body":6,"category":293,"date":294,"dateModified":294,"description":295,"draft":296,"extension":297,"faq":298,"featured":296,"headerVariant":302,"image":303,"keywords":303,"meta":304,"navigation":305,"ogDescription":306,"ogTitle":307,"path":308,"readTime":309,"schemaOrg":310,"schemaType":311,"seo":312,"sitemap":313,"stem":314,"tags":315,"twitterCard":316,"__hash__":317},"blog/blog/glossary/phishing.md","What is Phishing? Attack Prevention Basics",{"type":7,"value":8,"toc":283},"minimark",[9,16,21,24,28,106,110,142,146,179,188,192,230,252,271],[10,11,12],"tldr",{},[13,14,15],"p",{},"Phishing is a social engineering attack where attackers impersonate trusted entities (banks, employers, services) to trick victims into revealing credentials, clicking malicious links, or installing malware. It is the most common way breaches start. Defend with email filtering, MFA (so stolen passwords are not enough), and security awareness training.",[17,18,20],"h2",{"id":19},"the-simple-explanation","The Simple Explanation",[13,22,23],{},"You get an email that looks like it is from your bank, boss, or a service you use. It asks you to click a link and log in, or open an attachment. The link goes to a fake site that steals your password. The attachment installs malware. Phishing exploits trust and urgency to bypass technical defenses by targeting people.",[17,25,27],{"id":26},"types-of-phishing","Types of Phishing",[29,30,31,47],"table",{},[32,33,34],"thead",{},[35,36,37,41,44],"tr",{},[38,39,40],"th",{},"Type",[38,42,43],{},"Target",[38,45,46],{},"Characteristics",[48,49,50,62,73,84,95],"tbody",{},[35,51,52,56,59],{},[53,54,55],"td",{},"Mass phishing",[53,57,58],{},"Anyone",[53,60,61],{},"Generic, high volume",[35,63,64,67,70],{},[53,65,66],{},"Spear phishing",[53,68,69],{},"Specific person",[53,71,72],{},"Personalized, researched",[35,74,75,78,81],{},[53,76,77],{},"Whaling",[53,79,80],{},"Executives",[53,82,83],{},"High-value targets",[35,85,86,89,92],{},[53,87,88],{},"Smishing",[53,90,91],{},"SMS recipients",[53,93,94],{},"Text message based",[35,96,97,100,103],{},[53,98,99],{},"Vishing",[53,101,102],{},"Phone users",[53,104,105],{},"Voice call based",[17,107,109],{"id":108},"warning-signs","Warning Signs",[111,112,114],"prompt-box",{"title":113},"Red flags in emails",[115,116,117,121,124,127,130,133,136,139],"ul",{},[118,119,120],"li",{},"Urgent language: \"Act now or lose access!\"",[118,122,123],{},"Unexpected requests for credentials",[118,125,126],{},"Sender address does not match claimed org",[118,128,129],{},"Generic greeting: \"Dear Customer\"",[118,131,132],{},"Spelling and grammar mistakes",[118,134,135],{},"Links that do not match the claimed destination",[118,137,138],{},"Requests to bypass normal procedures",[118,140,141],{},"Too good to be true offers",[17,143,145],{"id":144},"common-phishing-scenarios","Common Phishing Scenarios",[115,147,148,155,161,167,173],{},[118,149,150,154],{},[151,152,153],"strong",{},"Password reset:"," \"Your account was compromised, reset now\"",[118,156,157,160],{},[151,158,159],{},"Invoice/payment:"," \"Pay this invoice immediately\"",[118,162,163,166],{},[151,164,165],{},"IT support:"," \"We need to verify your credentials\"",[118,168,169,172],{},[151,170,171],{},"Executive impersonation:"," \"The CEO needs this done today\"",[118,174,175,178],{},[151,176,177],{},"Package delivery:"," \"Click to track your shipment\"",[180,181,182],"warning-box",{},[13,183,184,187],{},[151,185,186],{},"MFA is your safety net."," Even if an employee falls for phishing and gives up their password, multi-factor authentication stops the attacker from logging in. MFA is essential phishing defense.",[17,189,191],{"id":190},"protection-strategies","Protection Strategies",[115,193,194,200,206,212,218,224],{},[118,195,196,199],{},[151,197,198],{},"Email filtering:"," Block known phishing",[118,201,202,205],{},[151,203,204],{},"MFA:"," Passwords alone are not enough",[118,207,208,211],{},[151,209,210],{},"Training:"," Teach recognition skills",[118,213,214,217],{},[151,215,216],{},"Simulations:"," Test with fake phishing",[118,219,220,223],{},[151,221,222],{},"Reporting:"," Easy way to flag suspicious emails",[118,225,226,229],{},[151,227,228],{},"DMARC:"," Prevent email spoofing",[231,232,233,240,246],"faq-section",{},[234,235,237],"faq-item",{"question":236},"What is the difference between phishing and spear phishing?",[13,238,239],{},"Regular phishing sends generic messages to many targets hoping someone clicks. Spear phishing targets specific individuals with personalized messages using research about them. Spear phishing is more convincing because it references real details about the target, their job, or their company.",[234,241,243],{"question":242},"How do I recognize a phishing email?",[13,244,245],{},"Look for urgency or threats, unexpected requests for credentials, mismatched or suspicious sender addresses, generic greetings, spelling and grammar errors, and suspicious links (hover to check). Legitimate organizations rarely ask for passwords via email. When in doubt, contact the organization directly using known contact info.",[234,247,249],{"question":248},"How can organizations protect against phishing?",[13,250,251],{},"Implement email filtering to block phishing attempts, require multi-factor authentication so stolen passwords are not enough, conduct regular security awareness training, run phishing simulations to test employees, and have clear reporting procedures for suspicious emails.",[253,254,255,261,266],"related-articles",{},[256,257],"related-card",{"description":258,"href":259,"title":260},"Broader category","/blog/glossary/social-engineering","Social Engineering",[256,262],{"description":263,"href":264,"title":265},"Key defense","/blog/glossary/two-factor","Two-Factor Auth",[256,267],{"description":268,"href":269,"title":270},"Common payload","/blog/glossary/malware","Malware",[272,273,276,280],"cta-box",{"href":274,"label":275},"/","Start Free Scan",[17,277,279],{"id":278},"secure-your-application","Secure Your Application",[13,281,282],{},"Protect the systems users log into.",{"title":284,"searchDepth":285,"depth":285,"links":286},"",2,[287,288,289,290,291,292],{"id":19,"depth":285,"text":20},{"id":26,"depth":285,"text":27},{"id":108,"depth":285,"text":109},{"id":144,"depth":285,"text":145},{"id":190,"depth":285,"text":191},{"id":278,"depth":285,"text":279},"glossary","2026-01-08","Learn what phishing attacks are, how to recognize them, and how to protect your organization from email and social engineering threats.",false,"md",[299,300,301],{"question":236,"answer":239},{"question":242,"answer":245},{"question":248,"answer":251},"green",null,{},true,"Phishing tricks people into revealing credentials or installing malware. Learn how to defend against it.","What is Phishing?","/blog/glossary/phishing","4 min read","[object Object]","DefinedTerm",{"title":5,"description":295},{"loc":308},"blog/glossary/phishing",[],"summary_large_image","9DZykqJDqRJkZOJstAQd1stZYmJhffnE5WjYPbCX3Lk",1775843922866]