What is phishing?
Phishing is a cyberattack where criminals impersonate a trusted person or brand — usually by email, text or phone — to trick you into clicking a malicious link, opening a harmful attachment, or handing over passwords, payment details or other sensitive information.
How phishing works
A phishing attack usually creates a sense of trust and urgency. The attacker impersonates a familiar brand, colleague or authority, then pushes you to act fast — “your account will be locked”, “confirm this payment now”.
Click the link or open the attachment and you might land on a fake login page that harvests your password, or trigger malware. Because the message looks legitimate, even careful people get caught.
Common types of phishing
Phishing comes in many forms: spear phishing (targeted at a specific person), business email compromise (impersonating an executive), smishing (SMS), vishing (voice calls) and quishing (malicious QR codes). All rely on the same trick — abusing trust to make you act.
How to prevent phishing
- Check the sender's real email address and the link's true destination before clicking.
- Be suspicious of urgency, unexpected attachments and requests for credentials or payment.
- Verify unusual requests through a known channel — call the person directly.
- Turn on multi-factor authentication so a stolen password isn't enough.
- Report suspicious messages instead of deleting them, so security can act.
How HookPhish helps
HookPhish trains your team to recognize phishing with realistic, ethical simulations and in-the-moment lessons, and detects phishing that impersonates your brand before it reaches inboxes.
Frequently asked questions
Is phishing illegal?
Yes. Phishing is a form of fraud and is illegal in most jurisdictions, as it involves deception to steal information, money or access.
What should I do if I clicked a phishing link?
Don't enter any details. Disconnect if prompted to download anything, change the password for any account you may have exposed, enable MFA, and report it to your security team.
How common is phishing?
Phishing is one of the most common starting points for breaches, which is why continuous training and detection matter so much.