Phishing is a type of cyber attack where attackers trick individuals into providing sensitive information such as usernames, passwords, and credit card numbers. This is usually achieved by masquerading as a trustworthy entity in electronic communications.
To help you better understand what phishing is and protect yourself from it, here’s a comprehensive glossary of key terms related to phishing.
Key Terms and Definitions of Phishing
Anti-Phishing Software
Tools designed to detect phishing attempts and prevent users from falling victim. These often block malicious emails, websites, and links, providing an extra layer of security.
Attachment
A file sent along with an email, which can be a common vector for phishing attacks. Attachments in phishing emails often contain malware or malicious links.
Bait
The initial content or message designed to lure the victim into taking action. Bait can include promises of prizes, urgent requests, or fake alerts designed to manipulate emotions.
Business Email Compromise (BEC)
A phishing attack targeting businesses, where attackers trick employees into transferring money or sensitive data. BEC often involves impersonating a high-level executive or trusted business partner.
Clone Phishing
A phishing technique where a legitimate email is copied and altered to include malicious content. The cloned email is then sent to victims, appearing as a trusted message from a known source.
Credential Harvesting
A technique used to collect user credentials such as usernames and passwords. Often executed through fake login pages or deceptive forms designed to look legitimate.
Domain Spoofing
Creating a website or email address that mimics a legitimate domain. This deception tricks users into believing they are interacting with a trusted entity, often leading to credential theft.
Email Spoofing
Forging the sender address of an email to make it appear as if it is from a trusted source. Commonly used in phishing to deceive recipients into taking harmful actions.
Filter Evasion
Techniques used by phishers to avoid detection by spam filters and other security measures. These can include obfuscating text, using images, or employing legitimate-looking domains.
Homograph Attack
A phishing technique that uses similar-looking characters to create deceptive URLs. For example, using “rn” to mimic “m” in a domain name, tricking users into visiting fraudulent sites.
Impersonation
When a phisher pretends to be a trusted entity to deceive the victim. This can involve mimicking the appearance and communication style of a legitimate organization or individual.
Interactive Phishing
Phishing attacks that engage the victim in a conversation, often through chat or phone. This method extracts sensitive information through interactive social engineering techniques.
Link Manipulation
Deceptive techniques used to disguise the actual destination URL. Phishers may use misleading anchor text, visually similar URLs, or URL shortening services to deceive victims.
Lures
The bait used in phishing attempts to attract victims. Lures can include fake lottery wins, job offers, urgent security alerts, or other enticing offers designed to provoke a response.
Malware
Malicious software delivered through phishing emails or links. Malware can damage or disrupt systems, steal data, or provide unauthorized access to the attacker.
Man-in-the-Middle (MitM) Attack
An attack where the phisher intercepts communication between two parties to steal data. MitM attacks are often executed through compromised networks or phishing emails containing malicious links.
Pharming
A technique that redirects users from a legitimate website to a fraudulent one. Often achieved through DNS poisoning, pharming can capture sensitive information without the user realizing it.
Phishing Kit
A set of tools and resources used by phishers to launch phishing attacks easily. These kits can include templates, scripts, and automated systems for sending phishing emails and creating fake websites.
Ransomware
Malware that encrypts a victim’s data and demands payment for the decryption key. Often delivered through phishing emails, ransomware can cause significant damage and data loss.
Reply-to Address
The address specified in the email header to which replies are sent. In phishing, this address may differ from the sender’s address so that the victim’s reply reaches the attacker while the visible sender still looks trustworthy.
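The two header-level indicators described under Homograph Attack and Reply-to Address can be checked automatically. The following is an added example, not code from the glossary: it folds the look-alike sequences “rn”, “vv”, “0” and “1” to their canonical letters before comparing a sender domain with a trusted list, and flags a Reply-To domain that differs from the From domain. The trusted-domain list, the confusable table and the sample message are all constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the defender's own allow-list of domains the organisation trusts.
TRUSTED_DOMAINS = {"example.com"}

# Character sequences that read alike on screen, folded to one canonical form
# before comparing, so "exarnple.com" collapses to "example.com".
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def fold_confusables(domain):
    folded = domain.lower()
    for lookalike, canonical in CONFUSABLES:
        folded = folded.replace(lookalike, canonical)
    return folded

def domain_of(header_value):
    """Domain part of an RFC 5322 address header, '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def lookalike_of_trusted(domain):
    """Trusted domain that `domain` imitates, or None if trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    folded = fold_confusables(domain)
    return next((t for t in TRUSTED_DOMAINS if folded == fold_confusables(t)), None)

def phishing_indicators(raw_message):
    """Header-level indicators found in one raw message, as a list of strings."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if reply_to and reply_to != sender:
        findings.append("reply-to domain %s differs from sender %s" % (reply_to, sender))
    imitated = lookalike_of_trusted(sender)
    if imitated:
        findings.append("sender domain %s imitates trusted %s" % (sender, imitated))
    return findings

# Constructed sample message, not a real capture.
SAMPLE = """From: IT Support <helpdesk@exarnple.com>
Reply-To: helpdesk@relay.invalid
Subject: Urgent: your password expires today

Please sign in within 24 hours.
"""
```

Running `phishing_indicators(SAMPLE)` returns both findings for the sample; a message from the real `example.com` with no Reply-To header returns an empty list.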
Spear Phishing
A targeted phishing attack aimed at a specific individual or organization. Personalized messages increase the effectiveness of the attack by exploiting personal or organizational details.
SSL Phishing
Phishing sites served over HTTPS with a valid certificate so the browser presents them as secure. The padlock only means the connection is encrypted, not that the site is legitimate, so it can lull users into trusting a malicious website.
Two-Factor Authentication (2FA)
An additional security layer requiring two forms of identification before access is granted. Phishers often target it as well, attempting to capture both factors through a fake login flow.
URL Shortening
Using shortened URLs to obscure the true destination of a link. Commonly used in phishing to hide malicious links and make them appear harmless or legitimate.
Urgency
A common tactic in phishing emails: creating a sense of urgency so the victim acts immediately instead of pausing to verify, which often leads to mistakes and compromised information.
Vishing
Phishing attacks conducted through voice calls or voicemail. Vishing often uses social engineering to deceive victims into providing sensitive information over the phone.
Whaling
A type of spear phishing targeting high-profile individuals within an organization. Whaling attacks focus on executives or directors to maximize impact and potential rewards.
Web Spoofing
Creating a fake website that mimics a legitimate one to deceive users. Web spoofing is designed to capture sensitive information like login credentials or personal data.
Zero-Day Exploit
An attack targeting a previously unknown vulnerability. Zero-day exploits are often used in sophisticated phishing campaigns to maximize impact and exploit unpatched systems.