Phishing
A detailed look at phishing attacks, types, examples, and prevention.
Overview
Phishing is social engineering using email, SMS, or phone to trick users into giving credentials or installing malware.
Types
- Email Phishing — mass emails with malicious links.
- Spear Phishing — targeted to specific individuals/organizations.
- Whaling — spear phishing aimed at executives (CEO fraud).
- Smishing / Vishing — SMS or voice phishing.
How it works (attack chain)
- Recon: attacker gathers targets' info
- Create convincing message/URL
- Deliver via email/SMS
- Victim clicks, gives credentials or executes payload
- Attacker gains access or conducts fraud
Real-world examples
Summarize one or two public incidents (WannaPhish example, CEO fraud case, etc.).
Prevention & Mitigation
- Use strong email filtering and email authentication (SPF/DKIM/DMARC)
- Enable multi-factor authentication
- User training & phishing simulations
- Verify sensitive requests out of band (e.g. call back on a known number)
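The SPF and DMARC records that back the first mitigation are only effective if their policies are strict. The following Python is an added example, not part of the original page: it parses an SPF and a DMARC TXT record and reports weak settings (a permissive `all` qualifier, `p=none`, a partial `pct`, no aggregate-report address). The record strings and the `example.com` domain are constructed placeholders; the same checks can be run on a real domain's TXT records fetched with any DNS client.

```python
"""Check SPF and DMARC TXT records for weak settings.

Added example; the record strings below are constructed and the domain
example.com is a placeholder, not a real deployment.
"""
import re


def parse_spf(record: str) -> dict:
    """Return the 'all' qualifier and the other mechanisms of an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    result = {"mechanisms": [], "all": None}
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)(all)", term, re.IGNORECASE)
        if m:
            # An omitted qualifier means "+" (pass) per the SPF specification.
            result["all"] = m.group(1) or "+"
        else:
            result["mechanisms"].append(term)
    return result


def parse_dmarc(record: str) -> dict:
    """Return the tag=value pairs of a DMARC record as a dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def spf_findings(record: str) -> list:
    """List weaknesses in an SPF record; an empty list means no finding."""
    spf = parse_spf(record)
    findings = []
    if spf["all"] is None:
        findings.append("no 'all' mechanism: unlisted senders are treated as neutral")
    elif spf["all"] == "+":
        findings.append("'+all' authorizes every sender on the internet")
    elif spf["all"] == "?":
        findings.append("'?all' is neutral; use ~all or -all")
    elif spf["all"] == "~":
        findings.append("'~all' is a softfail; -all gives receivers a hard fail")
    return findings


def dmarc_findings(record: str) -> list:
    """List weaknesses in a DMARC record; an empty list means no finding."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required 'p' tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine; p=reject blocks spoofed mail outright")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


# Constructed records: a weak pair beside a hardened pair.
WEAK_SPF = "v=spf1 include:_spf.example.com +all"
STRONG_SPF = "v=spf1 include:_spf.example.com -all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    for label, rec, check in [
        ("weak SPF", WEAK_SPF, spf_findings),
        ("strong SPF", STRONG_SPF, spf_findings),
        ("weak DMARC", WEAK_DMARC, dmarc_findings),
        ("strong DMARC", STRONG_DMARC, dmarc_findings),
    ]:
        print(f"{label}: {check(rec) or 'no findings'}")
```

Running the script prints three findings for the weak DMARC record (monitor-only policy, half-coverage `pct`, no reporting address) and one for the weak SPF record, and nothing for the hardened pair. The `~all` case is reported as informational because many senders stay on softfail while they complete their sender inventory.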