Glossary

Phishing

You know those scam calls pretending to be your bank? Phishing is the email version. Someone pretends to be Netflix, your boss, or the IRS to trick you into giving up your password or clicking a bad link. The email looks real, but it's a trap.

What is Phishing?

Phishing is a type of social engineering attack where criminals send fraudulent messages (usually emails) designed to trick recipients into revealing sensitive information, such as passwords or credit card numbers, or into clicking malicious links.

Why Should You Care?

Over 90% of successful cyberattacks start with a phishing email. It's the easiest way for attackers to get into your business. One employee clicking one bad link can compromise your entire company. And the attacks are getting harder to spot - they're no longer full of typos and bad grammar.

Real-World Example

A real estate agency employee received an email that looked exactly like it came from their title company, asking them to update wire transfer instructions for an upcoming closing. The employee complied, and $400,000 was sent to criminals instead of the legitimate seller. This "business email compromise" variant of phishing costs businesses billions annually.

How to Protect Against Phishing

  1. Enable email filtering/spam protection
     Built into Microsoft 365 / Google Workspace

  2. Verify requests for money or sensitive info by phone

  3. Check sender email addresses carefully

  4. Never click links in unexpected emails - go directly to the website

  5. Run a phishing simulation for your team
     Google Phishing Quiz

  6. Report suspicious emails to IT or your email provider
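
Step 3 can be partly automated. The sketch below is an added example, not code from this page: it flags a sender domain that is a near-miss spelling of a domain you already trust, and a Reply-To that points somewhere other than the sender. The domains, the sample message and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message, trusted_domains, max_distance=2):
    """Return a list of warnings about the sender headers of one message."""
    msg = message_from_string(raw_message)
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg["Reply-To"])
    warnings = []
    if sender not in trusted_domains:
        for trusted in sorted(trusted_domains):
            if edit_distance(sender, trusted) <= max_distance:
                warnings.append(f"lookalike: {sender} resembles {trusted}")
    if reply_to and reply_to != sender:
        warnings.append(f"reply-to mismatch: replies go to {reply_to}")
    return warnings

# Constructed sample: "acrne" imitates "acme" (r + n reads like m at a glance).
TRUSTED = {"acme-title.example"}
SAMPLE = (
    'From: "Acme Title Co" <closings@acrne-title.example>\n'
    "Reply-To: closings@mailbox.example\n"
    "Subject: Updated wire instructions\n"
    "\n"
    "Please use the new account for Friday's closing.\n"
)

if __name__ == "__main__":
    for warning in check_sender(SAMPLE, TRUSTED):
        print(warning)
```

A message that passes this check is not proven genuine, because a From header showing the exact trusted domain can still be forged or sent from a compromised mailbox. That is why step 2, confirming payment changes by phone, still applies.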
