What is phishing?

Phishing is when scammers send fake emails or links pretending to be from real companies to steal your passwords or money.

7 min read

~$ man phishing


definition

Phishing is a social engineering attack where attackers impersonate trusted entities to trick individuals into revealing sensitive information such as passwords or financial details.

It typically occurs through email, SMS, or malicious websites that mimic legitimate sources, exploiting human trust rather than technical vulnerabilities.

Common variants include spear phishing targeting specific individuals and whaling aimed at high-profile executives.

Phishing works like a fake parking ticket left on your car that asks you to call a number to pay a fine, but the number leads to scammers who want your credit card details instead of the real city office.

key takeaways

  • Always check the sender address and hover over links before clicking.
  • Phishing succeeds because it targets people, not just software weaknesses.
  • Two-factor authentication reduces damage even if credentials are stolen.
  • Regular security training lowers successful attack rates in organizations.
  • Reporting suspicious messages helps improve company filters over time.

the 2026 job market

Phishing remains the top entry vector for breaches, driving 2026 demand for security analysts, SOC operators, and awareness trainers across finance, healthcare, and government sectors as regulations tighten and remote work expands attack surfaces.

  • Cybersecurity Analyst · US: 75k-115k, Canada: 70k-105k CAD, UK: 45k-70k GBP
  • Security Awareness Trainer · US: 65k-95k, Canada: 60k-90k CAD, UK: 40k-60k GBP

frequently asked questions

How can you tell if an email is a phishing attempt?

Look for mismatched sender addresses, urgent language, spelling errors, and links that do not match the claimed domain. Hover over buttons and verify requests through official channels before acting.

What should you do if you clicked a phishing link?

Disconnect from the network, change passwords from a different device, and notify your IT team or bank immediately. Run a malware scan and monitor accounts for unusual activity.

Does phishing only happen through email?

No, it also occurs via SMS, phone calls, social media messages, and fake websites. Attackers adapt to any channel where users share information quickly.

How do companies protect employees from phishing?

They deploy email filters, run simulated attack training, enforce multi-factor authentication, and maintain clear reporting procedures for suspicious messages.


Author(s)

REHOUMA Haythem

Haythem Rehouma is an AI and cloud engineer and architect, trainer and technical instructor, with a profile focused on medical AI, AWS, MLOps, LLM/RAG and computer vision.