What is phishing?
Phishing is an attack that tries to trick people into revealing sensitive information by impersonating a trustworthy business or person, usually through fraudulent email or websites.
What it means
Per NIST, phishing uses deception — a fake but legitimate-looking message or site — to get someone to hand over data such as passwords or account numbers. It is one of the most common entry points for breaches, which is why security-awareness and incident-response roles treat it as a core topic.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | Definition source for What is phishing? | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary |