Phishing
Phishing tricks users into revealing credentials or performing actions on the attacker's behalf.
Updated: 2026-03-05
Definition
Phishing is a social engineering attack where an attacker impersonates a trusted entity to trick users into giving up credentials, MFA codes, or sensitive data.
It often uses email, SMS (smishing), phone calls (vishing), or fake login pages.
Key points
- Targets humans and trust
- Often aims to steal credentials and session tokens
- Defense: MFA, training, email security, URL verification
Common mistakes
- Assuming tech controls alone stop phishing (user behavior still matters).
- Ignoring look-alike domains and login page details.