Phishing
A social engineering attack that tricks users into revealing sensitive information through deceptive communications.
Also: spear phishing · whaling
Definition
Phishing is a type of social engineering attack in which cybercriminals impersonate trusted entities (banks, tech companies, colleagues) through deceptive emails, text messages, or websites to trick victims into revealing sensitive information such as passwords, credit card numbers, or Social Security numbers. Spear phishing targets specific individuals, while whaling targets executives. Phishing remains one of the most common and effective cyberattack vectors, responsible for a large percentage of data breaches.
Example
“An employee receives an email appearing to be from IT support asking them to click a link and reset their password; entering credentials on the fake site steals their login.”
Usage Examples
- “The team applied phishing best practices to improve their cybersecurity outcomes significantly.”
- “Understanding phishing is essential for anyone building a career in IT & Technology.”
When & How to Use
Use 'Phishing' in cybersecurity contexts to describe a social engineering attack in which cybercriminals impersonate trusted entities (banks, tech companies, colleagues) through deceptive emails, text messages, or websites to trick victims into revealing sensitive information such as passwords, credit card numbers, or Social Security numbers.
- Applying phishing principles during a cybersecurity project or initiative
- Explaining phishing to a junior team member or stakeholder unfamiliar with IT & Technology
- Evaluating options or proposals using phishing as a decision-making criterion
Etymology & Origin
The term 'Phishing' derives from professional usage and entered IT & Technology professional usage as the field formalised in the 20th century.
History & Evolution
The concept of phishing has evolved alongside IT & Technology. Early practitioners relied on informal methods; structured approaches emerged with the professionalisation of cybersecurity in the mid-20th century. Today, phishing is a standard part of IT & Technology practice globally.
Synonyms
- social engineering attack
- credential theft
- email scam
- deception attack
Antonyms / Opposites
- security awareness
- legitimate communication
Related Terms
- social-engineering
- malware
- spear-phishing
- two-factor-authentication
