Phishing Recognition & Defense

Phishing is the social engineering attack in which an attacker impersonates a trusted entity (a bank, employer, government agency, or known contact) through email, SMS, phone, or a fake website in order to trick the target into surrendering credentials or personal information, or into running malware. Modern phishing has evolved from obviously misspelled mass emails to AI-personalized spear-phishing messages that incorporate the target's name, recent activities, and organizational context accurately enough to fool technically sophisticated recipients.

Role

Phishing is responsible for over 90% of successful cyberattacks on organizations and for a significant majority of individual account compromises, not because it is technically sophisticated but because it exploits psychological vulnerabilities (authority compliance, urgency, and trust) that operate regardless of the victim's technical sophistication. The most effective defense is therefore not technical but psychological: understanding that legitimate organizations never request credentials through email, that urgency cues in a message requesting a sensitive action are designed specifically to bypass careful evaluation, and that verifying any unexpected request through a separate, known-good channel before acting on it eliminates the vast majority of phishing risk. This knowledge is simple to transmit and dramatically under-distributed.
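As an added illustration of the signals named above (impersonation of a trusted sender, urgency, credential requests, links that lead elsewhere), here is a small Python triage heuristic that is not part of the original page; the phrase lists, the helper names and the sample message on reserved `.example`/`.invalid` domains are constructed for this example, not real indicators.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical phrase lists (constructed for this example); a deployment would
# tune them to the organisation's own mail and the lures it actually receives.
URGENCY_PHRASES = ("immediately", "within 24 hours", "account will be suspended")
CREDENTIAL_PHRASES = ("verify your password", "confirm your credentials",
                      "enter your password", "log in to confirm")

def base_domain(host: str) -> str:
    """Last two DNS labels, lower-cased ('' when there is no host)."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""

def header_domain(msg, name: str) -> str:
    """Base domain of the mailbox in a From / Reply-To style header."""
    _, addr = parseaddr(msg.get(name, ""))
    return base_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""

def phishing_signals(raw_message: str) -> list:
    """Return the indicators triggered by one single-part RFC 5322 message."""
    msg = message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = body.lower()
    signals = []
    if any(p in text for p in URGENCY_PHRASES):
        signals.append("urgency_language")      # pressure to act before thinking
    if any(p in text for p in CREDENTIAL_PHRASES):
        signals.append("credential_request")    # legitimate senders do not ask this
    from_dom = header_domain(msg, "From")
    reply_dom = header_domain(msg, "Reply-To")
    if reply_dom and reply_dom != from_dom:
        signals.append("reply_to_mismatch")     # replies routed to a different party
    link_doms = {base_domain(urlparse(u).hostname or "")
                 for u in re.findall(r"https?://[^\s<>\"']+", body)}
    if any(d != from_dom for d in link_doms):
        signals.append("link_domain_mismatch")  # link leads away from claimed sender
    return signals

# Constructed sample on reserved (.example / .invalid) domains, not a real message.
PHISH_SAMPLE = """From: Example Bank Security <alerts@examplebank.example>
Reply-To: support@recovery.invalid
Subject: Action required

Your account will be suspended within 24 hours. Please verify your password at
https://examplebank.login-check.invalid/verify to keep access.
"""
```

Any triggered indicator is a prompt for the out-of-band verification described above, not a verdict on its own.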
