What is Phishing?
Phishing is a social engineering attack delivered via email, SMS, voice calls, or other channels that deceives recipients into revealing credentials, downloading malware, or taking actions that compromise security, often by impersonating trusted entities.
How Phishing Works
Phishing is the most common initial access vector for both opportunistic cybercrime and targeted APT campaigns. Standard phishing casts a wide net with generic lures (fake PayPal alerts, IRS notices). Spearphishing uses personalized content researched from LinkedIn and company websites. Whaling targets executives. Vishing uses voice calls. Smishing uses SMS.
Modern attacks use adversary-in-the-middle (AiTM) proxies that bypass MFA by relaying authentication traffic in real time and capturing session tokens. Business Email Compromise (BEC) uses compromised or spoofed executive accounts to request fraudulent wire transfers without any malicious link or attachment, evading most technical controls.
Defense requires technical controls (email security gateways with sandboxing, DMARC/DKIM/SPF, browser isolation) and human controls (security awareness training, simulated phishing exercises, clear reporting processes). Successful phishing exploits urgency, authority, and fear: psychological levers that bypass rational decision-making.
Phishing in SOC Operations
Phishing investigations are among the most frequent tasks in your queue. When a user reports a suspicious email, you determine: Is the email malicious? Did the user click links or open attachments? Were credentials entered on a phishing page? Has the account been compromised? This requires checking email gateway logs, browser history from EDR, authentication logs for suspicious logins, and potentially resetting credentials and revoking sessions.
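As an added example (not SOCSimulator's code), the first-pass header and content checks from the investigation described above, using the SPF/DKIM/DMARC results mentioned under defenses. The reported message is constructed; the Authentication-Results header is assumed to have been stamped by the organisation's own gateway, and example.com is assumed to be the defender's domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message: a BEC-style lure impersonating an executive.
SAMPLE_RAW = """\
From: "Jane Doe (CEO)" <jane.doe@example-corp.com>
Reply-To: jane.doe.ceo@mail-example.net
To: ap-team@example.com
Subject: URGENT wire transfer needed before 5pm
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-corp.com;
 dkim=none; dmarc=fail header.from=example-corp.com

Please process the attached invoice immediately. I am in a meeting and cannot take calls.
"""
INTERNAL_DOMAINS = {"example.com"}  # assumption: the defender's own mail domain(s)
URGENCY = re.compile(r"\b(urgent|immediately|asap|wire transfer|before \d+\s?[ap]m)\b", re.I)

def auth_results(msg):
    """Map spf/dkim/dmarc to the result the receiving gateway recorded (assumed trustworthy)."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {m.lower(): r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def domain_of(header_value):
    """Domain part of an address header such as From or Reply-To ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return (verdict, reasons): the header and content checks an analyst runs first."""
    msg = message_from_string(raw)
    reasons, auth = [], auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):            # sender authentication per the gateway
        if auth.get(mech) != "pass":
            reasons.append(f"{mech}={auth.get(mech, 'missing')}")
    from_domain, reply_domain = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:  # replies diverted to another mailbox
        reasons.append(f"Reply-To domain {reply_domain} differs from From {from_domain}")
    if from_domain not in INTERNAL_DOMAINS and any(   # external lookalike of our own domain
            d.split(".")[0] in from_domain for d in INTERNAL_DOMAINS):
        reasons.append(f"lookalike of internal domain: {from_domain}")
    hits = sorted({h.lower() for h in URGENCY.findall(f"{msg['Subject']} {msg.get_payload()}")})
    if hits:                                          # urgency/authority pressure cues
        reasons.append("pressure language: " + ", ".join(hits))
    if auth.get("dmarc") == "fail" or len(reasons) >= 3:
        return "malicious", reasons
    return ("suspicious" if reasons else "benign"), reasons
```

The verdict only answers "is the email malicious?"; whether the user clicked, entered credentials, or had the account compromised still comes from EDR browser history and authentication logs.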
Practice Phishing in a Real SOC
SOCSimulator provides hands-on training with realistic SIEM, XDR, and Firewall interfaces. Build real analyst skills investigating phishing scenarios with zero consequences — free forever.