What is phishing?
Phishing is a cyberattack where attackers impersonate trusted sources to trick individuals into revealing sensitive information, such as login credentials, financial data, or personal details.
How does social engineering differ from phishing?
Social engineering is a broader tactic that manipulates individuals into divulging confidential information or performing actions that compromise security. Phishing is a specific type of social engineering that typically occurs via email, text, or fake websites.
Why is phishing a major security threat?
Phishing is one of the most common and successful attack methods because it exploits human trust rather than technical vulnerabilities. It can lead to data breaches, financial losses, and system compromises.
What are the different types of phishing attacks?
Common phishing attacks include:
- Email Phishing – Deceptive emails posing as legitimate requests.
- Spear Phishing – Targeted emails customized for specific individuals.
- Smishing – Fraudulent SMS messages leading to fake login pages.
- Vishing – Phone-based scams impersonating IT or financial institutions.
- Whaling – Targeted attacks on executives or high-level employees.
- Pretexting – Scammers create a false scenario to gain trust.
What should I do if I receive a suspicious email or message?
Do not click on links, download attachments, or respond. Instead, report the email as phishing through your email client or to your security team.
How can I recognize a phishing attempt?
Be cautious of emails or messages that:
- Create urgency (e.g., “Your account will be locked in 24 hours!”)
- Request sensitive information like passwords or financial data
- Have unexpected attachments or suspicious links
- Come from unusual or misspelled email addresses
What are some best practices to avoid phishing attacks?
Follow these guidelines:
- Verify the sender before responding or clicking links.
- Hover over links to check their actual destination before clicking.
- Never provide sensitive information via email, phone, or text.
- Keep your passwords secure and enable multi-factor authentication (MFA).