Phishing Attacks Explained: Types, Signs & Defence
Phishing tricks people into revealing credentials or running malware through fraudulent messages that look legitimate. It is one of the most common ways a breach begins, because it attacks the human rather than the machine: no firewall fully stops a convinced user from clicking a link or entering a password.
The phishing family
- Phishing — mass fraudulent emails to many targets.
- Spear phishing — customised to a specific person (their name, company, context).
- Whaling — spear phishing aimed at executives.
- Vishing — voice/phone-based, for example a caller posing as the bank or the IT helpdesk and asking the victim to read out a one-time code.
- Smishing — SMS-based, typically a short text with a link to a fake login or delivery page.
Warning signs and defence
Red flags: urgency ("act now or your account closes"); mismatched sender addresses (a display name or Reply-To that does not match the actual sending domain, or a lookalike domain); suspicious links (hover to check that the visible text and the real destination agree, and be wary of raw IP addresses); unexpected attachments, especially executable or macro-enabled files; and any request for credentials or one-time codes. Defences layer up: email filtering, including SPF, DKIM and DMARC checks; MFA, so that a stolen password alone fails (note that adversary-in-the-middle phishing kits can relay one-time codes and push approvals in real time, so phishing-resistant methods such as FIDO2 security keys or passkeys are the stronger choice); user training with a simple way to report suspicious mail; and SOC monitoring of what gets clicked and which credentials were entered. Analysing reported phishing is core SOC work; see CyberOps.
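To make the red flags above concrete, here is an added example of how an analyst might script the first pass of a phishing triage. It is not code from the original page or from any product the page mentions; it uses only the Python standard library, and both messages it inspects are constructed for the example (example.com, example.net, example.org and 203.0.113.10 are reserved documentation names and addresses). Each check maps to one red flag: a display name that carries a different address than the real sender, a Reply-To pointing elsewhere, SPF/DKIM/DMARC failures stamped by the receiving mail server, a risky attachment extension, links whose visible text disagrees with their destination or that point at a bare IP, and urgency or credential-request wording in the body.

```python
# Added example, not code from the original page: heuristic triage of one email against the
# red flags above, standard library only. Both messages are constructed; example.com/.net/.org
# and 203.0.113.10 are reserved documentation names and addresses.
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = ("act now", "immediately", "within 24 hours", "will be suspended", "verify your account")
CRED_REQUEST = ("username", "password", "passcode", "one-time code")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".lnk", ".docm", ".xlsm")
AUTH_FAILS = ("spf=fail", "dkim=fail", "dmarc=fail")

SAMPLE_EML = """\
From: "helpdesk@example.com" <alerts@example.net>
Reply-To: recovery@example.org
To: jane.doe@example.com
Subject: Action required: your mailbox will be suspended
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your mailbox quota is exceeded. Verify your account within 24 hours or it will be suspended.</p>
<p><a href="http://203.0.113.10/owa/login">https://mail.example.com/owa</a></p>
<p>Reply with your username and password to keep access.</p>
--b1
Content-Type: application/octet-stream; name="Quota_Report.pdf.exe"
Content-Disposition: attachment; filename="Quota_Report.pdf.exe"

MZ... (truncated placeholder, constructed)
--b1--
"""
BENIGN_EML = """\
From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Still on for 12:30? Menu is at https://example.com/menu
"""

def reg_domain(host):
    """Crude registrable domain (last two labels); real tooling uses the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_in_text(text):
    """Hostname or IP that a link's visible text claims to point at, or None."""
    m = re.search(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,}|\d{1,3}(?:\.\d{1,3}){3})", text)
    return m.group(1).lower() if m else None

def triage(raw):
    """Return 'kind: detail' findings for one RFC 5322 message; an empty list means nothing flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = addr.rsplit("@", 1)[-1].lower()
    m = re.search(r"@([A-Za-z0-9.-]+)", name)  # the display name is what the user sees
    if m and reg_domain(m.group(1)) != reg_domain(from_dom):
        findings.append(f"display-name-spoof: shows {m.group(1)}, sender is {from_dom}")
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reg_domain(reply.rsplit("@", 1)[-1]) != reg_domain(from_dom):
        findings.append(f"reply-to-mismatch: {reply}")
    auth = str(msg.get("Authentication-Results", "")).lower()  # stamped by the receiving MTA
    fails = [f for f in AUTH_FAILS if f in auth]
    if fails:
        findings.append("auth-fail: " + ", ".join(fails))
    texts, links = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            fname = (part.get_filename() or "").lower()
            if fname.endswith(RISKY_EXT):
                findings.append(f"risky-attachment: {fname}")
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            # Regex link extraction is enough for a demo; use html.parser or lxml in production.
            links += re.findall(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', html, re.S | re.I)
            texts.append(re.sub(r"<[^>]+>", " ", html))
        elif part.get_content_type() == "text/plain":
            texts.append(part.get_content())
    for href, label in links:
        host = (urlparse(href).hostname or "").lower()
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
            findings.append(f"link-to-ip: {href}")
        shown = host_in_text(label)
        if shown and reg_domain(shown) != reg_domain(host):
            findings.append(f"link-text-mismatch: shows {shown}, goes to {host}")
    body = " ".join(texts).lower()
    for kind, phrases in (("urgency", URGENCY), ("credential-request", CRED_REQUEST)):
        hits = [p for p in phrases if p in body]
        if hits:
            findings.append(f"{kind}: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    for eml in (SAMPLE_EML, BENIGN_EML):
        print(triage(eml) or ["no findings"])
```

Run as a script it prints eight findings for the constructed phish and none for the benign lunch invitation. The keyword lists are deliberately small and will both miss and over-fire on real mail; in practice this kind of script is a first filter that routes a reported message to an analyst together with the URL and attachment for sandbox detonation, not a verdict on its own.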
Frequently asked questions
What is phishing?
A social-engineering attack using fraudulent messages that impersonate trusted sources to steal credentials or deliver malware.
What is the difference between phishing and spear phishing?
Phishing is mass and generic; spear phishing is targeted and personalised to a specific individual, making it far more convincing.
How do you defend against phishing?
Layered controls: email filtering, multi-factor authentication, user awareness training, and SOC monitoring — no single measure is enough.
Want hands-on training?
Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.