
Phishing definition

Phishing is the process of sending fraudulent emails, while posing as a legitimate sender, to convince people to reveal sensitive information such as passwords, social security numbers, bank account information, and more.

Email phishing is one of the most common ways attackers successfully infiltrate systems. In 2022, Microsoft alone recorded over 70 billion email and identity threat attempts.

IT teams can take as long as 13 days on average to recognize new phishing attacks, according to research conducted by Darktrace, and by focusing on historical attack data they can only catch up with threats they have seen before.

How does phishing work?

Phishing is a form of social engineering, which makes it difficult for traditional legacy security systems to detect the malicious behavior. Therefore, organizations often train their employees to identify spoofed emails or malicious links, or are forced to manually sort through flagged emails and set parameters for known malicious links and files, which can take up a lot of time. However, there are robust security systems that can detect, respond to, and stop phishing attacks at every stage of the attack lifecycle.

A threat actor can take several approaches to conduct a phishing attack:

A targeted attack, one that focuses on a specific individual or organization, can involve intense research on personnel and communication within that organization.

In a widespread attack, the threat actor generalizes their messaging and hopes their victims don't recognize the fraudulent emails. Ultimately, the goal is to start a conversation with the victim and extract valuable information, using a sense of urgency to fool them.

Phishing case studies

Bytesize security: HTML phishing attachments

How one email took down a logistics company

Common types of phishing

Social Engineering

Social engineering is a technique used by cyber-criminals to manipulate the humans behind machines rather than exploiting code-based vulnerabilities. This can be done by impersonating legitimate parties, targeting vulnerable individuals, building trust with a victim, creating a sense of urgency in a message, and more. Social engineering can be used to enhance phishing, smishing, spoofing, or other cyber-attacks that target humans. Because humans are susceptible to trusting other humans, the goal of social engineering is to present the victim with a seemingly legitimate situation.

Email Spoofing

Email spoofing is the forging of email headers to make messages appear as if they are from a trusted source. Email spoofing is a common technique in email cyber attacks and is used by cybercriminals to trick recipients into revealing personal information or downloading malware.

Hidden Links

Hidden links are links to webpages embedded within web content or emails in a way that is not readily visible to users, for example behind innocuous link text. They are often used for malicious purposes such as redirecting users to phishing sites or executing drive-by downloads.

URL Shortening

URL shortening is a common practice in the IT space to condense a long URL into a shorter format to make it easier to share. However, this can also be exploited by attackers to disguise malicious links and evade detection.

Malicious Redirects

Malicious redirects are unauthorized actions that divert web traffic from its intended destination to a malicious website. This method is often employed by attackers to infect users with malware or steal sensitive information.

Smishing

Smishing, short for "SMS phishing", is a form of cyber attack that uses text messages to trick people into revealing sensitive information or installing malware on their devices. Smishing attacks often involve sending fraudulent messages that appear to be from a legitimate source, such as a bank, social media site, or other trusted organization.

Spear phishing attacks

Spear phishing attacks are a type of cyber attack that targets a specific individual or organization rather than a broad audience. This usually involves an attacker conducting a significant amount of research on an organization or individual to make their attack seem more credible by contextualizing their message with relevant information.  

Vishing

Vishing (voice phishing) uses voice communication to get people to reveal their sensitive information. Attackers will often have an automated voicemail ready that asks individuals for their social security number or bank account information. They sometimes mask their identity as a loan provider or banking institution.

Watering hole attack

A watering hole attack is a type of cyber attack in which the attacker targets a specific group of individuals by infecting websites that they are known to visit. This type of attack is named after the watering holes where animals gather to drink water in the wild. Just as predators wait at watering holes to ambush their prey, cyber attackers wait at compromised websites to target their victims.


Common indicators of phishing

Common indicators of a phishing attempt include suspicious links or attachments in emails, misspelled words or unusual grammar, requests for sensitive information, and urgency or threats to act quickly.

The rising accessibility of generative AI means that more phishing messages may not have the traditional misspelled words or unusual grammar. As these attacks grow in sophistication, security tactics must evolve as well.
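As an added example (not Darktrace's code or product logic), the script below runs the indicator checks named in this section, together with the Email Spoofing, Hidden Links and URL Shortening entries above, over a constructed raw email: a display name that claims one domain while the address uses another, a Reply-To that diverges from From, anchors whose visible text names a host different from the href, links routed through URL shorteners, and urgency or credential-request language. The shortener list, the phrase lists and every domain in the sample message are constructed placeholders, not a vetted feed.

```python
"""Heuristic phishing triage of a raw RFC 822 message (added example, not Darktrace code)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists for the example; a real deployment maintains these as curated feeds.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}
URGENCY_PHRASES = ("immediately", "within 24 hours", "account will be suspended", "act now")
SENSITIVE_PHRASES = ("password", "social security number", "bank account", "verify your account")
# Finds a bare domain or URL inside free text and captures the host (scheme and www. dropped).
DOMAIN_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def _norm(host):
    """Lower-case a host and drop a leading 'www.' so text and href hosts compare fairly."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def header_findings(msg):
    """Spoofing cues: a display name naming a domain the address does not use, or a divergent Reply-To."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_host = _norm(addr.rpartition("@")[2])
    claimed = DOMAIN_RE.search(name)
    if claimed:
        claimed_host = _norm(claimed.group(1))
        if from_host != claimed_host and not from_host.endswith("." + claimed_host):
            findings.append(f"display name claims {claimed_host} but address is @{from_host}")
    reply_host = _norm(parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2])
    if reply_host and reply_host != from_host:
        findings.append(f"Reply-To domain {reply_host} differs from From domain {from_host}")
    return findings


def link_findings(anchors):
    """Hidden links (visible host differs from href host) and links routed through shorteners."""
    findings = []
    for href, text in anchors:
        href_host = _norm(urlparse(href).hostname)
        if not href_host:
            continue  # mailto:, relative or malformed hrefs carry no host to compare
        if href_host in SHORTENER_HOSTS:
            findings.append(f"shortened link: {href}")
        shown = DOMAIN_RE.search(text)
        if shown:
            text_host = _norm(shown.group(1))
            # A subdomain of the displayed host is legitimate; any other host is a hidden link.
            if href_host != text_host and not href_host.endswith("." + text_host):
                findings.append(f"link text shows {text_host} but goes to {href_host}")
    return findings


def language_findings(text):
    """Urgency and requests for sensitive data, matched case-insensitively."""
    lowered = text.lower()
    return ([f"urgency: '{p}'" for p in URGENCY_PHRASES if p in lowered]
            + [f"sensitive-data request: '{p}'" for p in SENSITIVE_PHRASES if p in lowered])


def triage(raw_message):
    """Return the de-duplicated list of indicators found in one raw message."""
    msg = message_from_string(raw_message)
    findings = header_findings(msg)
    for part in msg.walk():  # single-part messages yield themselves; multipart yields each leaf
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        collector = AnchorCollector()
        collector.feed(body)
        findings += link_findings(collector.anchors) + language_findings(body)
    return list(dict.fromkeys(findings))


# Constructed sample; every domain is a reserved or placeholder name, not a real sender.
SAMPLE_PHISH = """\
From: "bank.example Security" <alerts@mail-notify.invalid>
Reply-To: helpdesk@replies.invalid
To: victim@corp.example
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be suspended within 24 hours unless you verify your account.</p>
<p>Sign in at <a href="http://login.secure-bank.invalid/auth">https://www.bank.example/login</a></p>
<p>Or use <a href="http://bit.ly/constructed-example">this link</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_PHISH):
        print(finding)
```

Each check is a cue rather than a verdict: a marketing mailer legitimately sends from a vendor domain, and internal mail often carries a different Reply-To, so in practice the findings feed a score or a reviewer queue rather than blocking outright. The hidden-link test only fires when the visible anchor text itself names a host, which is exactly the case where a user is being shown one destination and taken to another.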

How to protect against phishing

To avoid falling victim to a phishing attack, it's important to be cautious of any unexpected or suspicious messages, particularly those that ask for personal information. It's always a good idea to independently verify the legitimacy of any request by contacting the organization directly, rather than clicking on a link or providing information through an unsolicited message. Although these measures are valuable, email threats are evolving, and CISOs and other security professionals should consider advanced tools to stop increasingly sophisticated cyber attacks.

Organizations can prevent phishing attacks by being cautious of suspicious emails, using anti-virus software, and implementing a strong cyber security infrastructure. A strong cyber security infrastructure includes detection and response systems, firewalls, visibility across all your digital assets, having security systems that integrate with your network and cloud-based applications, and more.

Phishing solutions

Security solutions such as email filtering, anti-virus software, and security awareness training can help detect and prevent phishing attacks. More advanced solutions, such as AI-powered cyber security, can also be used to train employees, comply with security directives and regulations, and level up security teams.

With Self-Learning AI, Darktrace can identify phishing attacks by understanding your organization. It analyzes emails for the sender, recipients, tone and sentiment, and hundreds of other factors to determine if something doesn’t look right. Then it neutralizes the threat, even on the first encounter.  

Darktrace PREVENT allows the security team to identify, prioritize, and test vulnerabilities, reducing risk and hardening defenses both inside the organization and outside on the attack surface – continuously and autonomously.

Darktrace DETECT delivers instant visibility into the most advanced threats like phishing by understanding what’s normal in your organization, to identify what’s not.

Darktrace RESPOND delivers autonomous, always-on action to contain and disarm attacks within seconds. When a threat like malware is detected, RESPOND leverages Darktrace's understanding of "self" to pinpoint signs of an emerging attack and stop the malicious activity, while allowing normal business to continue.