In plain English
Phishing is the most common way attackers get into organisations. A well-crafted phishing email impersonates a trusted sender — your bank, the ATO, Microsoft, or even your CEO — and creates urgency to make you act before you think. Even technically savvy people fall victim to well-targeted attacks.
Full definition
Phishing attacks range from mass campaigns targeting millions of recipients with generic lures, to highly targeted emails researched specifically for a single individual or organisation. Executive-targeted attacks are often called whaling.
Modern phishing has evolved beyond simple credential-harvesting pages. Adversary-in-the-middle (AiTM) phishing proxies can bypass by relaying authentication in real time. Phishing kits are now sold as services, lowering the technical bar for attackers significantly.
Defences include (, , ), Safe Links and Safe Attachments, phishing-resistant MFA, and regular phishing simulations combined with to improve user detection rates.
