Home
HomeGlossaryPhishing

Phishing

MITRE ATTACK layer: Initial Access

ON THIS PAGE

Unlock 442% ROI*

Control all your endpoints in a single platform.

4.6/5
Book a Demo

*Return on investment over three years as per the Total Economic Impact™ (TEI) study by Forrester

Phishing is a social engineering attack where an attacker impersonates a trusted entity to trick a user into revealing credentials, approving malicious access, or executing an action they otherwise would not. It exploits human trust rather than technical vulnerabilities.

How is Phishing abused

Attackers deliver convincing emails, messages, or links that redirect victims to fake login pages, malicious attachments, or OAuth consent screens. Once the user interacts, attackers harvest credentials, steal session tokens, or gain delegated access, often bypassing MFA and traditional security controls.

Why Phishing matters

Phishing remains the most common initial access vector for enterprise breaches. A single successful phishing interaction can lead to account takeover, lateral movement across SaaS applications, Business Email Compromise, or ransomware deployment without triggering security alerts.

Real-world example

HM Revenue & Customs (UK) Phishing Fraud — £47 million stolen

In 2025, UK tax authority HMRC disclosed that organised criminals executed a phishing attack targeting around 100,000 taxpayers’ online accounts. The attackers used fraudulent access to HMRC online accounts to redirect refunds or perform unauthorized submissions, ultimately extracting £47 million from the public purse. The agency later corrected accounts and initiated criminal investigations, though concerns were raised about delayed disclosure.

Source

Get the full attack repository

Get our entire attack repository in a single, offline-ready PDF guide, featuring 25+ real-world attacks.

Please enter a valid email.Please enter a email.
By clicking 'Download EBOOK', you agree to processing of personal data according to the Privacy Policy.

Related topics

Initial Access
Spear Phishing
Read more
Initial Access
Business Email Compromise
Read more
Initial Access
Man-in-the-Middle Attack
Read more

Additional Resources

Research
Achieve 442% ROI and reduce patching time by 95% — Forrester TEI Report

See how organizations gained 442% ROI and major efficiency improvements with Endpoint Central.

Read more
Security validation
Experience enterprise-grade protection proven in real-world tests — AV-Comparatives Report

Discover how Endpoint Central’s antivirus earned recognition through rigorous, real-world security validation in just eight months.

Read more
Guide
Simplify endpoint security and build cyber resilience — Endpoint Security For Dummies

Get a clear, practical guide to understanding threats and strengthening your organization’s security.

Read more

Trusted by

Unified Endpoint Management and Security Solution
Patch ManagementSoftware DeploymentEndpoint SecurityOS DeploymentAsset ManagementMobile Device MgmtTools & Configurations