A cyberattack where criminals impersonate trusted entities (like banks or retailers) to trick people into revealing sensitive data such as passwords, credit card numbers, or personal information.
Manipulative tactics that exploit human psychology–such as urgency, fear, or curiosity–to deceive individuals into compromising security.
The most common phishing method. Attackers send fraudulent emails that look like official communications to trick recipients into clicking malicious links or sharing sensitive information.
A highly targeted phishing attack aimed at a specific person or organization. Often uses personal details (from social media or data breaches) to make the message more convincing.
A type of spear phishing that targets high-profile individuals, such as executives or government officials, with the goal of stealing valuable data or funds.
A phishing-based scam where attackers impersonate executives, vendors, or partners to trick businesses into transferring money or sensitive information.
Phishing delivered via SMS text messages. Attackers spoof phone numbers to make messages look like they’re from banks or service providers.
Phishing conducted over the phone (“voice phishing”). Attackers may impersonate customer service agents, banks, or government officials to extract personal information.
A phishing technique where attackers copy a legitimate email, swap out links or attachments for malicious ones, and resend it to the victim.
Phishing that uses artificial intelligence (AI) to create more convincing messages, deepfake voices, or videos that closely mimic real communications.
An advanced form of vishing where attackers use AI-generated voices or video to impersonate trusted individuals.
The fraudulent message, email, or link designed to lure victims into engaging with a phishing attempt.
The final stage of a phishing attack, when stolen information is used for fraud, identity theft, ransomware deployment, or other malicious activity.
Malicious software (such as ransomware, spyware, or keyloggers) that can be installed on a device through phishing links or attachments.
A type of malware that encrypts a victim’s files and demands payment (a ransom) for restoring access.
An incident where sensitive, confidential, or protected data is accessed or stolen. Phishing is one of the leading causes of breaches worldwide.
When stolen personal information is used to impersonate someone else for fraudulent purposes, such as opening bank accounts or making unauthorized purchases.
A psychological manipulation tactic in phishing messages that pressures recipients to act immediately, often to “secure an account” or “prevent suspension.”
A division of the FBI that collects reports of cybercrime, including phishing attacks.
An international coalition that tracks phishing trends and publishes reports on global activity.
Online platforms where criminals sell stolen data, including login credentials and credit card numbers obtained through phishing.
Practices and tools used to reduce phishing risk, such as two-factor authentication (2FA), email filters, privacy apps (like MySudo), and ongoing user education.