Threats

Phishing

Phishing uses deceptive messages to trick people into revealing credentials, approving access, or running malware.

  • Phishing exploits human trust and urgency rather than a technical flaw; when a weaponized attachment does carry an exploit, it fires only after the recipient opens it.
  • Credential harvesting and malware delivery require different response playbooks.
  • Inspect sender headers, URLs, and attachment types before trusting any message.
  • Multi-factor authentication blunts but does not eliminate phishing risk: one-time codes and push approvals can be relayed or fatigued in real time, while FIDO2/WebAuthn authenticators bound to the site origin resist it.
  • User-reported phishing is one of the best early-warning signals.
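
The three inspection points in the checklist above (sender headers, URLs, attachment types), worked into a small triage script. This is an added example, not code from the original page or from any mail-security product: it parses a constructed phishing-style message and reports the mismatches an analyst would look for. The trusted-domain set, the digit-for-letter confusable map, the risky-extension list and the last-two-labels registrable() heuristic are simplifying assumptions made for the demo; production code would consult the Public Suffix List and the organisation's real domain inventory.

```python
"""Header, link and attachment triage for a suspected phishing e-mail (added example).
Constructed message, not a real capture; TRUSTED_DOMAINS, CONFUSABLES, RISKY_EXTENSIONS
and the last-two-labels registrable() heuristic are assumptions made for the demo."""
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-corp.com"}        # assumed: the organisation's real domains
RISKY_EXTENSIONS = (".html", ".htm", ".iso", ".img", ".js", ".lnk", ".hta", ".vbs", ".xlsm", ".docm")
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
URGENCY = re.compile(r"\b(urgent|immediately|expires?|suspended|action required)\b", re.I)

def domain_of(addr: str) -> str:
    """Lower-cased domain of 'Name <user@host>' or 'user@host'; '' if there is none."""
    m = re.search(r"@([A-Za-z0-9.-]+)", addr or "")
    return m.group(1).lower() if m else ""

def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); production code should use the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def lookalike_of(domain: str, trusted) -> str:
    """Trusted domain that `domain` imitates by digit-for-letter swaps (examp1e -> example), else ''."""
    for t in trusted:
        if domain != t and domain.translate(CONFUSABLES) == t.translate(CONFUSABLES):
            return t
    return ""

class _Anchors(HTMLParser):   # collect (href, visible text) for every <a> in an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw: bytes, trusted=TRUSTED_DOMAINS) -> list:
    """Return human-readable findings for one raw RFC 5322 message; [] means no check fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = domain_of(str(msg.get("From", "")))
    if (t := lookalike_of(from_dom, trusted)):
        findings.append(f"From domain {from_dom} looks like trusted {t}")
    for hdr in ("Reply-To", "Return-Path"):       # replies or bounces routed somewhere else?
        dom = domain_of(str(msg.get(hdr, "")))
        if dom and registrable(dom) != registrable(from_dom):
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):         # verdicts stamped by the receiving MTA
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech}={m.group(1)}")
    if URGENCY.search(str(msg.get("Subject", ""))):
        findings.append("urgency cue in subject")
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None and body.get_content_type() == "text/html":
        parser = _Anchors()
        parser.feed(body.get_content())
        for href, text in parser.links:
            host = (urlparse(href).hostname or "").lower()
            if host.startswith("xn--") or ".xn--" in host:     # punycode / IDN lookalike
                findings.append(f"punycode host in link: {host}")
            shown = re.search(r"[a-z0-9-]+(\.[a-z0-9-]+)+", text.lower())
            if shown and registrable(shown.group(0)) != registrable(host):
                findings.append(f"link text shows {shown.group(0)} but href goes to {host}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment type: {name}")
    return findings

def build_sample() -> bytes:
    """Constructed phishing-style message that trips every check (not a real e-mail)."""
    m = EmailMessage()
    m["From"] = "IT Support <helpdesk@examp1e-corp.com>"    # digit 1 in place of the letter l
    m["Reply-To"] = "helpdesk@mail-recovery.example"
    m["Return-Path"] = "<bounce@mail-recovery.example>"
    m["Authentication-Results"] = "mx.example-corp.com; spf=fail; dkim=none; dmarc=fail"
    m["Subject"] = "URGENT: your password expires in 1 hour"
    m.set_content("Your password expires in 1 hour. Reset it at https://portal.example-corp.com/reset")
    m.add_alternative('<p>Reset it at <a href="https://portal.example-corp.com.xn--80ak6aa92e.example'
                      '/reset">https://portal.example-corp.com/reset</a></p>', subtype="html")
    m.add_attachment("<script>location='https://mail-recovery.example/'</script>",
                     subtype="html", filename="Password_Reset.html")
    return m.as_bytes()

if __name__ == "__main__":
    print(*triage(build_sample()), sep="\n")
```

Run as a script it prints ten findings for the built-in sample; for a real report, pass the raw bytes of the saved .eml to triage(). One caveat on the Authentication-Results check: the header is only meaningful when it was stamped by your own receiving MTA, so the gateway must strip any copy that arrives from outside claiming its authserv-id (RFC 8601 requires exactly that); otherwise an attacker simply adds a header that says spf=pass.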

What is it and why it matters

Phishing is consistently one of the most common initial access vectors because it bypasses perimeter defenses by targeting the person behind the keyboard rather than a flaw in the software. Attackers craft messages that impersonate trusted entities such as IT support, executives, vendors, or popular services to manipulate recipients into clicking malicious links, opening weaponized attachments, or entering credentials on lookalike login pages. For security analysts, a phishing report is often the first indicator of a broader intrusion, and the quality of triage in the first 30 minutes (which accounts were targeted, who clicked, what was entered or executed) can determine whether an incident stays contained or escalates into a full compromise.

Real world examples

  • RSA SecurID breach (2011) — A targeted phishing email carrying an Excel attachment with an embedded zero-day Adobe Flash exploit led to the compromise of RSA’s SecurID seed values, forcing a massive token replacement across defense and government customers.
  • Twitter hack (2020) — Phone-based spear phishing tricked Twitter employees into handing over credentials for internal account-support tools, allowing attackers to hijack high-profile accounts including those of Barack Obama and Elon Musk for a Bitcoin scam.
  • Google and Facebook BEC fraud (2013–2015) — Evaldas Rimasauskas, posing as the Taiwanese hardware supplier Quanta Computer, used phishing emails and forged contracts and invoices to trick Google and Facebook into wiring over $100 million to attacker-controlled bank accounts over two years.