Phishing is a social engineering attack where an adversary impersonates a trusted entity to trick the target into revealing credentials, installing malware, or taking an action that compromises their security. The name comes from the fishing analogy: casting a wide net to catch whoever takes the bait.
What it means in practice
Spear phishing is targeted phishing against a specific individual, using personal information gathered from social media, data brokers, or prior reconnaissance. It is the method most likely to succeed against journalists, lawyers, and NGO workers because it is tailored to appear credible to the specific target.
Smishing is phishing via SMS. Vishing is phishing via voice call. Both are increasingly common against high-value targets.
A password manager with autofill provides partial protection: it will not autofill credentials on a spoofed domain, which helps when the attack relies on a convincing fake login page.
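The autofill protection described above comes down to comparing the address of the page with the address the login was saved for. The sketch below is an added example, not code from any password manager: the strict scheme-and-host matching policy, the `autofillCandidate` and `report` names, and every `.example` hostname are assumptions constructed for illustration.

```javascript
// Added example: autofill decision under an assumed strict-origin policy.
// Real password managers may match differently (for instance on the
// registrable domain); all hostnames here are constructed.

const savedLogins = [
  { origin: "https://mail.newsroom.example", username: "reporter" },
];

// Return the saved login whose origin equals the page's origin, else null.
function autofillCandidate(pageUrl, vault = savedLogins) {
  let page;
  try {
    page = new URL(pageUrl); // normalises case and converts IDN hosts to punycode
  } catch {
    return null; // unparseable address: never fill
  }
  if (page.protocol !== "https:") return null; // no fill over plain HTTP
  return vault.find((entry) => entry.origin === page.origin) ?? null;
}

// Constructed test pages: one genuine, four that only look right to a human.
const pages = [
  ["genuine login page", "https://mail.newsroom.example/login"],
  ["real name used as a subdomain prefix", "https://mail.newsroom.example.account-check.example/login"],
  ["digit zero in place of letter o", "https://mail.newsr00m.example/login"],
  ["Cyrillic letters in place of Latin o", "https://mail.newsr\u043e\u043em.example/login"],
  ["correct host over plain HTTP", "http://mail.newsroom.example/login"],
];

// Map each page to whether autofill would offer the saved credentials.
function report() {
  return pages.map(([label, url]) => ({
    label,
    host: new URL(url).hostname,
    fills: autofillCandidate(url) !== null,
  }));
}

for (const row of report()) {
  console.log(`${row.fills ? "FILL " : "BLOCK"}  ${row.host}  (${row.label})`);
}
```

A refusal to autofill on a page that looks familiar is the signal to stop and check the address before typing the password by hand.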
