anavem.
Back to Glossary
P

Phishing

Phishing is a social engineering attack that tricks users into revealing credentials, installing malware, or granting access by impersonating a trusted entity.

What is phishing?

Phishing is a cyberattack technique where attackers impersonate legitimate organizations or individuals to deceive users into taking harmful actions. Phishing relies more on psychological manipulation than technical exploits, making it one of the most effective and widespread attack methods.

Why phishing matters

Phishing is often the initial access vector in major security incidents because it:

  • Bypasses technical defenses by targeting human behavior
  • Enables credential theft and account takeover
  • Delivers malware or ransomware
  • Facilitates identity-based attacks in cloud environments
  • Scales easily and cheaply for attackers

A single successful phishing email can lead to a full organizational breach.

Common types of phishing

Phishing attacks take many forms:

1) Email phishing

  • Mass-distributed emails posing as banks, cloud providers, or vendors

2) Spear phishing

  • Targeted attacks tailored to a specific person or role

3) Whaling

  • Phishing aimed at executives or high-value individuals

4) Smishing

  • Phishing via SMS or messaging apps

5) Vishing

  • Voice phishing via phone calls or VoIP

6) OAuth consent phishing

  • Trick users into granting access to malicious OAuth applications

7) Clone phishing

  • Legitimate emails are copied and maliciously modified

How phishing attacks work

A typical phishing attack follows these steps:

  1. Reconnaissance on the target (email, role, habits)
  2. Impersonation of a trusted brand or contact
  3. Delivery via email, SMS, or collaboration tools
  4. User interaction (click, login, consent, download)
  5. Credential theft, malware execution, or access abuse

Modern phishing campaigns often combine multiple techniques.

Indicators of phishing

Common warning signs include:

  • Urgent or threatening language
  • Unexpected requests to log in or verify information
  • Suspicious sender addresses or domains
  • Links that don't match the displayed text
  • Unusual attachment types or macros
  • Requests for MFA approval without context

Phishing vs malware

While related, they are distinct:

  • Phishing: the delivery and deception method
  • Malware: the malicious payload or outcome

Phishing is frequently used to deliver malware or steal credentials for later use.

How to defend against phishing

Effective phishing defense requires layered controls:

  • Email filtering and anti-phishing detection
  • MFA with phishing-resistant methods (FIDO2)
  • User awareness and training
  • Domain monitoring and DMARC/DKIM/SPF
  • Conditional Access and risky sign-in detection
  • Rapid reporting and response workflows

Human vigilance remains a critical defense layer.

Common mistakes

  • Relying solely on user training
  • Assuming MFA fully stops phishing
  • Ignoring OAuth consent abuse
  • Treating phishing as a "low impact" incident
  • Not revoking sessions and tokens after compromise