Phishing
Phishing is one of the most widespread and persistent cyber threats. It refers to attempts by attackers to trick individuals into revealing sensitive information or performing risky actions by impersonating trusted entities. These attacks exploit human trust rather than technical flaws, which is why they remain effective even as defenses evolve.
What is phishing?
Phishing is a form of social engineering where attackers send deceptive messages designed to look genuine. Messages are delivered through email, SMS, or phone calls and impersonate legitimate organizations such as banks, delivery services, or even colleagues inside a company. The goal is to convince the recipient to disclose credentials, click on malicious links, download infected attachments, or perform unauthorized actions such as wire transfers.
How it typically works
A phishing attack usually follows a predictable sequence:
- Preparation: the attacker researches potential victims and crafts a convincing message.
- Delivery: the phishing message is sent via email, SMS, or phone call. It often contains urgent language to pressure quick action.
- Exploitation: the victim clicks a malicious link, enters credentials on a fake website, or opens an attachment that executes malware.
- Result: the attacker gains access to accounts, installs malware, or triggers financial fraud.
Common techniques and variants
- Spear phishing: targeted and personalized messages crafted for specific people or roles
- Smishing: phishing carried out through SMS or mobile messaging apps
- Vishing: phishing conducted by voice calls or voicemails
- Email spoofing: forged sender addresses or domains that appear trustworthy
- Social engineering: psychological manipulation techniques such as urgency, authority, or fear to increase effectiveness
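The traits listed above (urgent language, a forged or mismatched sender, a link that hides its real destination) can be checked mechanically when triaging a reported message. The following is an added example, not part of the original page: the sample message, its domains, the keyword list and the function names are all constructed for illustration, and the checks are heuristics that assume a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample (not real mail); all domains are reserved example names.
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.test>
Reply-To: helpdesk@mailer.example.net
Subject: Urgent: verify your account immediately

<p><a href="http://login.example.org/verify">https://www.example-bank.test/login</a></p>
"""
URGENCY = re.compile(r"\b(urgent|immediately|suspended|act now)\b", re.I)
URL_HOST = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")

def host_of(text):  # first hostname found in a URL or in visible link text
    return (URL_HOST.findall((text or "").lower()) or [None])[0]

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []  # assumes a single-part message
    sender, reply = (parseaddr(msg[h] or "")[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    if URGENCY.search(f"{msg['Subject']} {body}"):
        findings.append("urgent language")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        shown, real = host_of(text), host_of(href)
        if shown and real and shown != real:
            findings.append(f"link text shows {shown} but href points to {real}")
    return findings
```

An empty result does not mean a message is safe; the findings are prompts for a human reviewer, and exact hostname comparison will also flag harmless differences such as a `www.` prefix.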
Impact
Phishing can have severe consequences for individuals and organizations alike. Stolen credentials enable unauthorized access to cloud services, internal networks, and business applications. Financial losses occur when victims are deceived into transferring money or providing payment card details. Malicious attachments or links can install ransomware, spyware, or other types of malware, leading to operational disruption and costly recovery efforts. Beyond direct damages, phishing undermines trust in digital communications and frequently acts as the entry point for larger breaches.