Phishing — Deceptive Social Engineering to Steal Credentials and Deliver Malware
Phishing is a social engineering technique where attackers impersonate trusted entities to steal credentials, deliver malware, or gain initial access. This SECMONS glossary entry explains phishing variants, operational impact, and defensive controls.
What Is Phishing? 🧠
Phishing is a social engineering technique in which attackers impersonate trusted entities to trick victims into revealing credentials, installing malware, or performing sensitive actions.
Phishing is one of the most common vectors for:
- /glossary/initial-access/
- Credential theft leading to /glossary/privilege-escalation/
- Malware delivery via /glossary/loader-dropper/
- Enterprise compromise culminating in /glossary/ransomware/
It exploits human trust rather than software flaws.
Common Phishing Variants 🎯
| Type | Description |
|---|---|
| Bulk Phishing | Mass email campaigns targeting large audiences |
| Spear Phishing | Highly targeted emails tailored to individuals |
| Business Email Compromise (BEC) | Impersonation of executives or vendors |
| Credential Harvesting | Fake login portals capturing passwords |
| Attachment-Based Phishing | Malicious documents delivering payloads |
| OAuth Phishing | Abuse of delegated access permissions |
Spear phishing is frequently used by organized /glossary/threat-actor/ groups.
How Phishing Campaigns Operate 🔎
A typical phishing intrusion may follow this path:
- Deceptive email delivery
- User interaction (click or open)
- Credential theft or payload execution
- Establishment of /glossary/persistence/
- Internal /glossary/lateral-movement/
- Data theft or ransomware deployment
Phishing often acts as the entry point to larger exploit chains described under /glossary/exploit-chain/.
Phishing vs Other Attack Techniques 🔄
| Technique | Primary Target |
|---|---|
| Phishing | Human trust |
| Brute Force | Password guessing |
| Exploit | Software weakness |
| Supply Chain Attack | Third-party trust relationships |
Phishing remains effective even in technically hardened environments.
Defensive Considerations 🛡️
Reducing phishing risk requires:
- Multi-factor authentication
- Email filtering and sandboxing
- DMARC, DKIM, SPF enforcement
- User awareness training
- Conditional access controls
- Monitoring anomalous login patterns
- Rapid credential rotation after compromise
Operational response guidance is typically documented under:
Why SECMONS Treats Phishing as Foundational 📌
Phishing continues to be one of the most reliable initial access techniques across industries.
Technical defenses alone cannot eliminate the human factor.
Understanding phishing mechanics is essential for both prevention and rapid containment.
Authoritative References 📎
- CISA Phishing Guidance
- MITRE ATT&CK — Initial Access Techniques