← All glossary terms Glossary

What is Phishing?

Fraudulent messages — by email, text, or phone — designed to trick someone into giving up credentials, money, or access to your systems.

Phishing is the umbrella term for fraudulent messages — usually email but increasingly SMS and voice — designed to manipulate a person into doing something an attacker wants. The most common goals are stealing credentials, redirecting payments, or convincing a target to run malware. "Spear phishing" refers to highly targeted attacks against specific individuals. Phishing is still the most common entry point for breaches, including ransomware and business email compromise. Defending against it takes a mix of email security, MFA, user awareness, and rapid detection of credential abuse.

Keep learning

Related terms

Ransomware

Malicious software that encrypts your data and demands payment for the key — often combined with data theft and extortion.

Read definition →

Zero Trust

A security model that trusts no user or device by default — even inside the corporate network — and verifies every access request continuously.

Read definition →

Vulnerability Management

The ongoing process of finding, prioritizing, and fixing security weaknesses in your systems before attackers exploit them.

Read definition →

Incident Response (IR)

The structured process of containing, investigating, eradicating, and recovering from a security incident — ideally guided by a tested plan.

Read definition →

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team