Glossary
Phishing
A social-engineering attack that tricks users into revealing credentials or executing malicious payloads, usually via email — and the most common initial access vector for data breaches.
Phishing is the social-engineering attack family where an adversary impersonates a trusted party to extract credentials, payment, or code execution from a user. It remains the dominant way attackers get their first foothold in an environment.
Per the IBM Cost of a Data Breach Report 2025, phishing is the most common initial attack vector at 16% of breaches, with an average breach cost of USD 4.8 million. AI tooling has compressed the time and language skill required to craft a convincing phishing message, and the volume reflects that.
The modern variants
- Credential phishing — fake sign-in pages that capture username and password (and increasingly, the MFA token via AiTM proxies).
- BEC (Business Email Compromise) — invoice fraud and executive impersonation conducted entirely by email, with no malware to detect.
- AiTM (Adversary-in-the-Middle) — real-time proxy of a legitimate login session, defeating non-phishing-resistant MFA.
- Deepfake voice phishing — synthesised audio of a senior executive instructing finance to act.
- Smishing and quishing — phishing via SMS or QR code.
Layered defences
- Phishing-resistant MFA (FIDO2 / passkeys) on the accounts that matter.
- DMARC, DKIM, SPF correctly configured and enforced on the inbound side.
- Conditional Access policies to block risky sign-ins.
- Awareness training that’s recurring, not annual.
- Fast incident response — phishing happens; the defining variable is how quickly it’s contained.
Symsafe delivers all five layers as part of the cybersecurity and Microsoft 365 engagements.