📖 What is Phishing?

A type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information.

🥋 Sensei Says:

"The most common entry point for cyberattacks. Always check the sender's email address!"

📚 Certification: Certified in Cybersecurity (CC)

🔑 What are the Key Concepts of Phishing?

  • Phishing attacks often leverage urgency, fear, or authority to manipulate victims into immediate action, bypassing critical thinking.
  • Spear phishing targets specific individuals or organizations with personalized messages, increasing the likelihood of success.
  • Whaling is a highly targeted phishing attack aimed at high-profile individuals like CEOs or CFOs within an organization.
  • Identifying phishing attempts requires scrutinizing email headers, URLs, and the overall message context for inconsistencies.
  • Employee training and awareness programs are crucial for mitigating phishing risks, as they are the first line of defense.

🎯 How does Phishing appear on the CC Exam?

You may be asked to identify the type of attack when a user clicks a link in an email that redirects them to a fake login page mimicking a legitimate service.

A scenario might describe a company that suffered a data breach after an employee supplied credentials in response to a seemingly legitimate email request; you would be asked to determine the root cause.

Expect questions about the best preventative measures to protect against phishing, such as multi-factor authentication and email filtering.

❓ Frequently Asked Questions

What's the difference between phishing and pharming?

Phishing relies on deceiving users to provide information, while pharming redirects users to a fraudulent website without their direct action, exploiting DNS server vulnerabilities.


How can I spot a phishing email even if it looks legitimate?

Look for subtle clues like grammatical errors, mismatched URLs, generic greetings, and requests for sensitive information via email – legitimate organizations rarely ask for this.
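The clues listed above and in the key concept about scrutinizing headers, URLs and message context can be turned into a simple triage check. The following is an added example written for this page, not code from the original site: it parses a constructed sample message (the domains, addresses and keyword lists are made up for illustration) and reports a Reply-To domain that differs from the From domain, link text whose domain differs from the real href target, urgency language, requests for sensitive data, and a generic greeting.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real phishing email): the display name claims a bank,
# the Reply-To points elsewhere, and the visible link text does not match the href.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank-login.test>
Reply-To: support@mailbox-relay.test
To: customer@example.org
Subject: URGENT: your account will be suspended in 24 hours
Content-Type: text/html

<html><body>
<p>Dear customer,</p>
<p>Verify your password immediately:
<a href="http://examp1e-bank-login.test/verify">https://www.example-bank.test/login</a></p>
</body></html>
"""

# Constructed benign message used to show that a consistent mail yields no findings.
BENIGN_EMAIL = """\
From: "Newsletter" <news@example-bank.test>
To: customer@example.org
Subject: Monthly statement is available
Content-Type: text/html

<html><body><p>Hello Alex,</p>
<p>Your statement is ready: <a href="https://www.example-bank.test/statements">https://www.example-bank.test/statements</a></p>
</body></html>
"""

# Illustrative keyword lists; a production filter would use tuned, larger sets.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours", "verify your password")
SENSITIVE_REQUESTS = ("password", "social security", "card number", "pin")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Crude last-two-labels heuristic; real tooling should consult the Public Suffix List.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def domain_of_address(header_value):
    _, addr = parseaddr(header_value)
    return registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


def domain_of_url(url):
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    return registrable_domain(host)


def body_text(msg):
    # Return the first text/html or text/plain part as a decoded string.
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in the raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = domain_of_address(msg.get("From", ""))
    reply_domain = domain_of_address(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    body = body_text(msg)
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        # Only compare when the visible text itself looks like a URL.
        if re.match(r"(https?://|www\.)", shown, re.I):
            shown_domain, href_domain = domain_of_url(shown), domain_of_url(href)
            if shown_domain != href_domain:
                findings.append(f"link text shows {shown_domain} but points to {href_domain}")

    combined = (msg.get("Subject", "") + " " + body).lower()

    def hits(words):
        return [w for w in words if re.search(r"\b" + re.escape(w) + r"\b", combined)]

    if hits(URGENCY_WORDS):
        findings.append("urgency language: " + ", ".join(hits(URGENCY_WORDS)))
    if hits(SENSITIVE_REQUESTS):
        findings.append("requests sensitive data: " + ", ".join(hits(SENSITIVE_REQUESTS)))
    if hits(GENERIC_GREETINGS):
        findings.append("generic greeting: " + ", ".join(hits(GENERIC_GREETINGS)))
    return findings


if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE_EMAIL):
        print("-", line)
    print("benign findings:", phishing_indicators(BENIGN_EMAIL))
```

Each heuristic on its own produces false positives (legitimate mailers use separate Reply-To domains, for example), so a check like this is best used to prioritise messages for human review or for a reporting workflow rather than to block mail outright.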


What role does reporting play in combating phishing?

Reporting suspected phishing emails helps security teams analyze attack patterns, update filters, and warn other potential victims, improving overall security posture.
