← All glossary terms Glossary

What is Phishing?

Fraudulent messages — by email, text, or phone — designed to trick someone into giving up credentials, money, or access to your systems.

Phishing is the umbrella term for fraudulent messages — usually email but increasingly SMS and voice — designed to manipulate a person into doing something an attacker wants. The most common goals are stealing credentials, redirecting payments, or convincing a target to run malware. "Spear phishing" refers to highly targeted attacks against specific individuals. Phishing is still the most common entry point for breaches, including ransomware and business email compromise. Defending against it takes a mix of email security, MFA, user awareness, and rapid detection of credential abuse.

  • Arrives by email, SMS (smishing), and voice (vishing) — not just email.
  • Still the most common entry point for breaches, including ransomware and BEC.
  • Spear phishing targets specific individuals with tailored, convincing messages.

En français

Hameçonnage

Des messages frauduleux — par courriel, texto ou téléphone — conçus pour soutirer des identifiants, de l'argent ou un accès à vos systèmes.

L'hameçonnage est le terme générique désignant les messages frauduleux — surtout par courriel, mais de plus en plus par texto et par appel — conçus pour manipuler une personne. Les objectifs les plus courants sont le vol d'identifiants, le détournement de paiements ou l'installation de maliciels. L'« harponnage » (spear phishing) désigne les attaques très ciblées contre des personnes précises. L'hameçonnage demeure le point d'entrée le plus fréquent des atteintes, y compris les rançongiciels et la fraude du président. S'en défendre exige un mélange de sécurité du courriel, d'AMF, de sensibilisation et de détection rapide.

Phishing: frequently asked questions

What should I do if someone clicked a phishing link?

Disconnect the device, change the exposed credentials, and check for suspicious sign-ins or new inbox rules. If you have MDR, report it immediately so analysts can investigate for account takeover or malware.

How can I tell if an email is phishing?

Watch for urgency, unexpected payment or login requests, mismatched sender addresses, and links that don't go where they claim. When in doubt, verify through a known channel rather than replying.

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team