What is Phishing? Definition & Explanation
Phishing is a social engineering attack in which an adversary impersonates a trusted entity, via email, SMS (smishing), voice (vishing), QR code (quishing), or chat, to trick victims into revealing credentials, transferring money, or installing malware. Phishing is consistently among the most common initial-access vectors in breaches.
In-Depth Explanation
Modern phishing has evolved far beyond the Nigerian-prince emails of the 2000s. Sophisticated variants include spear phishing (lures tailored to specific individuals), whaling (targeting executives), Business Email Compromise (BEC: fraudulent wire transfers and invoice redirection, with more than $50B in exposed losses reported to the FBI's IC3), Adversary-in-the-Middle (AiTM) phishing using reverse-proxy kits such as Evilginx2 that relay the victim's real login and capture the resulting authenticated session cookie, which bypasses OTP and push-based MFA, OAuth consent phishing (tricking users into granting a malicious app access to their Microsoft 365 / Google Workspace data, which needs no password at all), QR-code phishing that moves the click from a managed laptop onto a personal phone, and AI-generated personalized lures using LLMs and voice cloning.

Defenses are layered: email security platforms (Microsoft Defender for Office 365, Proofpoint, Mimecast, Abnormal Security, Sublime); SPF, DKIM and DMARC so that receivers can reject mail that spoofs your own domains (DMARC only enforces at p=quarantine or p=reject, and it does nothing against lookalike domains the attacker registers); anti-phishing browser features; secure web gateways (Cisco Umbrella, Zscaler, Cloudflare Gateway); continuous user training (KnowBe4, Hoxhunt, Phin, Mimecast Awareness Training); and, with the most leverage, phishing-resistant MFA (FIDO2 hardware keys, passkeys). A FIDO2 assertion is signed over the origin the browser actually connected to, so an AiTM proxy on a lookalike domain cannot complete the login and never receives a session cookie. It does not help where no credential is involved: BEC payment fraud, consent phishing and malware-delivery lures need payment verification, app-consent policies and endpoint controls, and session cookies stolen by other means (for example infostealer malware) stay valid until they are revoked.
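The DMARC point above (SPF or DKIM passing is not enough; the authenticated domain must align with the visible From domain, and p=none enforces nothing) is easiest to see in code. The following is an added example, not code from the page or from any of the vendors listed; the DMARC records, domain names and authentication results are constructed, and the organizational-domain logic is a simplification that real receivers replace with the Public Suffix List.

```python
"""Evaluate DMARC alignment and disposition for a message, fully offline.

Added example: the DNS records below are constructed stand-ins for real TXT
lookups, and org_domain() is a simplification (assumption) of the Public
Suffix List logic a real receiver uses.
"""

# Constructed TXT records, keyed by the name a receiver would query.
DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                          "rua=mailto:dmarc@example.com",
    "_dmarc.example.net": "v=DMARC1; p=none; rua=mailto:dmarc@example.net",
}


def org_domain(domain: str) -> str:
    """Organizational domain. Simplification: last two labels (no PSL)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_dmarc(record: str) -> dict:
    """Parse 'tag=value; tag=value' into a dict with RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")   # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags


def lookup_dmarc(from_domain: str):
    """Return (policy, found_via_org_fallback). RFC 7489 queries the exact
    From domain first, then falls back to the organizational domain."""
    rec = DNS_TXT.get(f"_dmarc.{from_domain.lower()}")
    if rec:
        return parse_dmarc(rec), False
    rec = DNS_TXT.get(f"_dmarc.{org_domain(from_domain)}")
    if rec:
        return parse_dmarc(rec), True
    return None, False


def aligned(auth_domain, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed needs the
    same organizational domain. An unauthenticated identifier never aligns."""
    if not auth_domain:
        return False
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain: str, spf_result: str, spf_domain,
                      dkim_result: str, dkim_domain) -> tuple:
    """Return (disposition, reason) for one message.

    spf_domain is the MAIL FROM (envelope) domain SPF was evaluated against;
    dkim_domain is the d= tag of the DKIM signature that verified.
    """
    policy, via_org = lookup_dmarc(from_domain)
    if policy is None:
        return "none", "no DMARC record for the From domain; receiver cannot enforce"
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", f"aligned {'DKIM' if dkim_ok else 'SPF'} pass"
    # Subdomain policy (sp=) applies only when the record came from the org domain.
    applied = policy.get("sp", policy["p"]) if via_org else policy["p"]
    return applied, "no aligned authenticated identifier; sender policy applied"


if __name__ == "__main__":
    cases = [
        # Spoofed From, but SPF passes for the attacker's own envelope domain.
        ("example.com", "pass", "mail.attacker.example", "none", None),
        # Legitimate mail: strict DKIM alignment fails on a subdomain d=, relaxed SPF passes.
        ("example.com", "pass", "bounce.example.com", "pass", "mail.example.com"),
        # Spoofed subdomain: sp=quarantine applies via the org-domain fallback.
        ("billing.example.com", "pass", "mail.attacker.example", "none", None),
        # Domain still at p=none: monitoring only, spoof is delivered.
        ("example.net", "pass", "mail.attacker.example", "none", None),
        # Lookalike domain the attacker controls: DMARC has nothing to say.
        ("examp1e.com", "pass", "examp1e.com", "pass", "examp1e.com"),
    ]
    for case in cases:
        print(case[0], "->", dmarc_disposition(*case))
```

The first case is the one that catches people out: SPF "pass" on its own proves only that the sending server was allowed to use the attacker's envelope domain; DMARC rejects it because neither identifier aligns with example.com. The last two cases are the limits of the control: a p=none record and a registered lookalike domain both deliver the spoof, which is why DMARC sits beside, not instead of, phishing-resistant MFA and user-facing controls.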
Why It Matters for Security
Phishing is consistently among the leading initial-access vectors in breaches; Verizon's 2024 DBIR reports phishing in roughly 30% of incidents and more than 60% of social-engineering breaches. BEC alone accounted for more than $50B in exposed losses reported to the FBI's IC3 between 2013 and 2023. AI-generated phishing is rapidly improving in quality, eliminating the obvious typos and translation errors that traditionally helped users spot lures, so awareness training built around spotting bad grammar is losing value. The defense with the best leverage is phishing-resistant MFA (FIDO2 hardware keys, passkeys): because the authenticator signs over the origin the browser connected to and the relying party ID, a stolen password or a challenge relayed through an AiTM proxy is useless, which removes the credential-theft variants as a class. It does not stop BEC or consent phishing, which involve no credential at all, so those need payment verification processes and restrictive app-consent policies alongside it.
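Why an AiTM proxy fails against FIDO2 is worth seeing in code rather than taking on trust. The following is an added example, not code from the page or from any WebAuthn library: it simulates the three parties (authenticator, browser, relying party) and the checks that matter against phishing. The RP ID, origins and lookalike domain are constructed, and an HMAC stands in for the authenticator's per-credential signing key (a real authenticator uses ECDSA or EdDSA; the origin and rpIdHash checks are the same either way).

```python
"""Why a FIDO2/WebAuthn login survives an AiTM reverse proxy.

Added example, not a real WebAuthn implementation. Assumptions: the HMAC key
stands in for the credential's private key; RP_ID, ALLOWED_ORIGINS and the
lookalike domain are constructed for illustration.
"""
import hashlib
import hmac
import json
import secrets

RP_ID = "login.example.com"                        # relying party ID (assumption)
ALLOWED_ORIGINS = {"https://login.example.com"}    # origins the RP will accept


def rp_id_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()


class ToyAuthenticator:
    """One credential per RP ID, keyed on the rpId given at registration."""

    def __init__(self):
        self.creds = {}
        self.counter = 0

    def register(self, rp_id: str) -> bytes:
        key = secrets.token_bytes(32)          # stand-in for the private key
        self.creds[rp_id] = key
        return key                              # RP stores this as the "public key"

    def get_assertion(self, rp_id: str, client_data: bytes):
        key = self.creds.get(rp_id)
        if key is None:
            raise LookupError(f"no credential registered for rpId {rp_id!r}")
        self.counter += 1
        # authenticatorData = rpIdHash || flags (user present) || signCount
        auth_data = rp_id_hash(rp_id) + b"\x01" + self.counter.to_bytes(4, "big")
        sig = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
        return auth_data, sig


def browser_get(authn: ToyAuthenticator, origin: str, rp_id: str, challenge: str):
    """navigator.credentials.get() as the browser performs it: the browser, not
    the page, writes the origin into clientDataJSON, and it refuses an rpId that
    is neither the origin's host nor a registrable suffix of it."""
    host = origin.split("://", 1)[1].split("/", 1)[0]
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise ValueError(f"rpId {rp_id!r} is not valid for origin {origin!r}")
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin},
        separators=(",", ":"),
    ).encode()
    auth_data, sig = authn.get_assertion(rp_id, client_data)
    return client_data, auth_data, sig


def rp_verify(cred_key: bytes, expected_challenge: str, client_data: bytes,
              auth_data: bytes, sig: bytes) -> tuple:
    """The assertion checks that matter against phishing: challenge, origin,
    rpIdHash, then the signature over authData || SHA-256(clientDataJSON)."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "wrong clientData type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay)"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {cd.get('origin')!r} not allowed"
    if auth_data[:32] != rp_id_hash(RP_ID):
        return False, "rpIdHash mismatch"
    expected = hmac.new(cred_key, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    return True, "ok"


def run_scenarios() -> dict:
    authn = ToyAuthenticator()
    cred_key = authn.register(RP_ID)
    phish = "https://login.example-secure.com"     # constructed lookalike origin
    results = {}

    # 1. Legitimate login on the real origin.
    ch = secrets.token_urlsafe(32)
    results["legit"] = rp_verify(cred_key, ch, *browser_get(authn, "https://login.example.com", RP_ID, ch))

    # 2. AiTM proxy relays the RP's real challenge and asks for the real rpId:
    #    the browser refuses before the key is ever used.
    ch = secrets.token_urlsafe(32)
    try:
        browser_get(authn, phish, RP_ID, ch)
        results["aitm_real_rpid"] = (True, "unexpected")
    except ValueError as err:
        results["aitm_real_rpid"] = (False, str(err))

    # 3. The proxy asks for its own rpId instead: no credential exists for it.
    try:
        browser_get(authn, phish, "login.example-secure.com", ch)
        results["aitm_own_rpid"] = (True, "unexpected")
    except LookupError as err:
        results["aitm_own_rpid"] = (False, str(err))

    # 4. Defence in depth: even if the browser-side check were bypassed, the RP
    #    rejects clientData that names the lookalike origin.
    cd = json.dumps({"type": "webauthn.get", "challenge": ch, "origin": phish}, separators=(",", ":")).encode()
    results["rp_origin_check"] = rp_verify(cred_key, ch, cd, *authn.get_assertion(RP_ID, cd))

    # 5. Replaying a captured assertion against a fresh challenge fails.
    captured = browser_get(authn, "https://login.example.com", RP_ID, secrets.token_urlsafe(32))
    results["replay"] = rp_verify(cred_key, secrets.token_urlsafe(32), *captured)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:16} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

Contrast this with a password plus OTP: the proxy simply forwards whatever the victim types, the real site accepts it, and the proxy keeps the session cookie. Here the proxy has nothing to forward, because the signed assertion names an origin the RP does not trust, and the browser will not even produce one for the real rpId from the lookalike origin. Note what the example does not cover: a session cookie lifted from the victim's machine after a genuine login passes every check above, which is why cookie theft by infostealers remains a separate problem.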
Related Tools
- Abnormal ICES Platform
Integrated cloud email security replacing legacy SEGs with behavioral AI threat detection.
- Proofpoint Email Protection
AI-powered email security with advanced threat protection, DLP and archiving for enterprises.
- Proofpoint
AI-powered email security and compliance platform protecting against phishing, BEC, malware, and data loss across email and cloud channels.
Frequently Asked Questions
What does Phishing mean in cybersecurity?
Phishing in cybersecurity is a social engineering attack in which an attacker impersonates a trusted entity, through email, SMS (smishing), voice (vishing), QR code (quishing), or chat, to trick victims into revealing credentials, transferring money, or installing malware.
Why is Phishing important?
Phishing matters because it is consistently among the leading initial-access vectors in breaches (Verizon DBIR), and AI-generated phishing is rapidly eliminating the obvious tells that helped users spot lures. The defense with the best leverage is phishing-resistant MFA (FIDO2 hardware keys or passkeys), which defeats credential theft including AiTM-style relay attacks because the signed assertion is bound to the real origin; BEC and OAuth consent phishing involve no credential and need payment verification and app-consent controls in addition.