Phishing is a deception tactic where attackers impersonate trusted entities to steal credentials, money, or sensitive data through email, SMS, calls, or fake sites.
Why It Matters
- Remains the leading cause of data breaches worldwide.
- Low cost for attackers, high success against untrained users.
- Easily combined with malware and account takeover.
Real-World Example
The 2020 Twitter breach began with phishing aimed at employees, which led to access to internal tools.
How to Reduce Risk
- Enable MFA on all critical accounts.
- Use email security filtering and email authentication (DMARC/SPF/DKIM).
- Train users to verify senders and links.
Ratings
- ⚠️ Risk: ⭐⭐⭐⭐⭐
- 🛠 Exploitation Uses: ⭐⭐⭐⭐
- 💻 Technical Difficulty: ⭐