Phishing

Phishing is a cybercrime technique in which attackers use fraudulent digital communications to deceive individuals or organizations into revealing sensitive information, installing malware, or granting unauthorized access to systems and resources.

Expanded Explanation

1. Technical Function and Core Characteristics

Phishing operates as a form of social engineering that exploits trust in apparently legitimate messages, websites, or interfaces. Attackers craft emails, text messages, voice calls, or web pages that imitate trusted entities to capture credentials, financial data, or other confidential information.

Technical characteristics include spoofed sender identities, look-alike domains, cloned login pages, and embedded links or attachments that direct users to malicious infrastructure or deliver malware. Variants include spear phishing, whaling, Business Email Compromise (BEC), clone phishing, and credential harvesting campaigns.

2. Enterprise Usage and Architectural Context

In enterprises, phishing appears primarily as inbound email, messaging, or web traffic targeting employees, contractors, and partners. Attackers often seek corporate credentials, remote access, cloud service logins, and Multifactor Authentication (MFA) tokens to move laterally across networks and systems.

Phishing intersects with email security gateways, secure web gateways, identity and access management platforms, endpoint protection, and security awareness training programs. Security Operations (SecOps) centers monitor phishing indicators, perform incident response on reported messages, and integrate threat intelligence to detect and block related campaigns.

3. Related or Adjacent Technologies

Related technologies include email authentication standards such as Stream Processing Framework (SPF), DKIM, and DMARC, which verify sender domains and reduce spoofing. Phishing protection also uses URL filtering, sandboxing of attachments, machine learning–based anomaly detection, and browser or endpoint protections against malicious sites.

Adjacent security domains include social engineering defense, malware protection, identity security, and fraud detection for online banking and payments. Threat intelligence feeds, Security Information and Event Management (SIEM) systems, and Extended detection and response (XDR) platforms consume phishing-related indicators to support correlation and investigation.

4. Business and Operational Significance

Phishing creates risk of data breaches, ransomware deployment, financial fraud, and unauthorized access to critical business systems. Incidents can affect regulatory compliance, customer data protection, and continuity of operations across distributed and cloud-based environments.

Enterprises address phishing through combined technical controls, user training, incident response procedures, and governance policies. Boards, regulators, and insurers treat phishing resilience and email security posture as part of broader cyber risk management and enterprise security architecture.