What is Phishing in Cybersecurity?

Offensive Security

ByDecipherU EditorialApril 2026

Version 1.0 · Published April 2026 · Last verified April 2026

How is it pronounced?

FISH-ing/ˈfɪʃ.ɪŋ/

The 'ph' is pronounced like 'f'; identical to 'fishing'.

A social engineering attack that uses fraudulent emails, websites, or messages to trick recipients into revealing credentials, clicking malicious links, or downloading malware. Mass phishing casts a wide net with generic lures. It remains the most common initial access vector for cyberattacks.

Why Phishing Matters for Your Cybersecurity Career

Phishing is the number one attack vector that SOC analysts investigate daily. Incident responders triage phishing reports and contain compromised accounts. Security engineers configure email security gateways and DMARC policies to block phishing. Cybersecurity sales professionals sell anti-phishing solutions constantly.

Which Cybersecurity Roles Use Phishing?

SOC AnalystView career guide →Incident ResponderView career guide →Security EngineerView career guide →

Related Cybersecurity Terms

Spear Phishing Social Engineering Vishing Smishing Credential Stuffing

Related Cybersecurity Certifications

CompTIA Security+View certification guide →CompTIA CySA+View certification guide →

Citation index · auto-derived from course content

Where Phishing is used across DecipherU

27 public surfaces on the platform reference this term in a meaningful way. Sorted by relevance.

Courses · 4

Lessons that teach this term as part of a structured curriculum.

Identity and Access Management Fundamentals20 mentions

"…gh). AAL2 means two-factor authentication with at least one phishing-resistant or one cryptographic-software factor. AAL3 means…"

AI Security Operations Mastery3 mentions

"…oral baseline that no static rule can express. AI-generated phishing produces unique payloads on every send; static indicator ma…"

AI-Augmented Cybersecurity Professional2 mentions

"…n (anomaly surfacing, natural-language alert summarization, phishing classification) and where it degrades it (false-positive am…"

Cybersecurity Sales Mastery3 mentions

"…ry new attack vector (supply chain compromise, AI-generated phishing, API abuse, identity infrastructure attacks) creates a new…"

Career role guides · 1

Cybersecurity careers where this term is part of the day-to-day vocabulary.

Security Awareness Manager2 mentions

"…about cybersecurity at work. The role is more than running phishing simulations. You design training curricula, measure behavio…"

Related glossary entries · 22

Other glossary terms whose definition cites this one.

Spear Phishing6 mentions

"A targeted phishing attack directed at a specific individual or organization us…"

Phishing Simulation Platform5 mentions

"A platform that sends realistic but harmless phishing emails to employees to test and measure their ability to re…"

AI-Powered Phishing4 mentions

"Phishing attacks that use generative AI to create highly personalize…"

FIDO23 mentions

"…from the FIDO Alliance and W3C that enable passwordless and phishing-resistant authentication. It combines WebAuthn (browser API…"

Security Awareness Platforms3 mentions

"…products that deliver cybersecurity awareness training and phishing simulations to employees. These platforms provide training…"

Security Awareness Training2 mentions

"…ty threats they encounter in their daily work. Topics cover phishing recognition, password hygiene, social engineering tactics,…"

Security Awareness Officer2 mentions

"…s and training program. Security awareness officers develop phishing simulations, create training content, run campaigns around…"

Email Security Gateways2 mentions

"…ecurity products that filter inbound and outbound email for phishing, malware, spam, and data loss. Modern email security goes b…"

Multi-Factor Authentication2 mentions

"…c). MFA blocks the vast majority of credential-stuffing and phishing attacks."

Vishing1 mention

"Voice phishing, a social engineering attack conducted over phone calls. At…"

Smishing1 mention

"SMS phishing, a social engineering attack delivered through text message…"

Watering Hole Attack1 mention

"…ecific industries or organizations without sending a single phishing email. Threat intelligence analysts monitor for compromised…"

Ransomware1 mention

"…o publish it (double extortion). Ransomware spreads through phishing, exposed RDP, and supply chain compromises."

Tactics, Techniques, and Procedures1 mention

"…persistence). Techniques are how they achieve those goals (phishing, scheduled tasks). Procedures are the specific implementati…"

Model Evasion1 mention

"…malware samples that bypass ML-based detection, or creating phishing emails that avoid AI content filters. Evasion exploits blin…"

Passwordless Authentication1 mention

"…acing shared secrets with cryptographic challenges that are phishing-resistant by design and do not require users to remember or…"

Insider Threat1 mention

"…ge) or unintentional (accidental data exposure, falling for phishing). Detection requires monitoring user behavior while respect…"

Human Factors in Security1 mention

"…outcomes. Human factors research examines why people click phishing links, ignore security warnings, reuse passwords, and circu…"

Security Culture Assessment1 mention

"…cy compliance. Assessments use surveys, behavioral metrics (phishing simulation results, incident reporting rates, policy except…"

Passwordless Enterprise1 mention

"…swords entirely across an organization, replacing them with phishing-resistant methods such as FIDO2 security keys, platform aut…"

Human Risk Management1 mention

"…ity risks caused by human behavior. HRM platforms go beyond phishing simulations to aggregate signals from email security, DLP,…"

Digital Risk Protection1 mention

"…, people, and data. DRP services detect leaked credentials, phishing domains impersonating the brand, executive impersonation, d…"

Cybersecurity professionals who work with Phishing include SOC Analyst, Incident Responder, Security Engineer. These roles apply Phishing knowledge within the Offensive Security domain.

Sources

CISA Phishing Guide

Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.

Last verified: April 2026?Report an inaccuracy

This role lives inside a packaged path

Want the curriculum, comp delta, and recommended courses for this role?

DecipherU bundles cybersecurity roles into a small set of packaged paths. Each path has the curriculum sequence, the compensation delta it unlocks, and the recommended courses, all pre-set. Two ways in:

Take the 2-min Risk Score →Open the cybersecurity path hub →