In plain English
Phishing is the most common way attackers get into organisations. A well-crafted phishing email impersonates a trusted sender — your bank, the ATO, Microsoft, or even your CEO — and creates urgency to make you act before you think. Even technically savvy people fall victim to well-targeted attacks.
Full definition
Phishing attacks range from mass campaigns targeting millions of recipients with generic lures, to highly targeted emails researched specifically for a single individual or organisation. Executive-targeted attacks are often called whaling.
Modern phishing has evolved beyond simple credential-harvesting pages. Adversary-in-the-middle (AiTM) phishing proxies can bypass MFA by relaying authentication in real time. Phishing kits are now sold as services, lowering the technical bar for attackers significantly.
Defences include email authentication (SPF, DKIM, DMARC), Safe Links and Safe Attachments, phishing-resistant MFA, and regular phishing simulations combined with security awareness training to improve user detection rates.
