Phishing & Social Engineering.

Tactics, detection mechanisms, and user awareness training.

Phishing is social engineering via email designed to steal credentials or install malware. It remains the top attack vector for initial compromise.

Attack Vectors

  • Email phishing: Generic or personalized messages with malicious links/attachments
  • Spear phishing: Targeted attacks using personal information
  • Whaling: Targeting high-value executives
  • Vishing: Voice-based social engineering
  • Smishing: SMS-based phishing

Detection Techniques

  • Email authentication (SPF, DKIM, DMARC)
  • User awareness training
  • Link/attachment sandboxing
  • Behavioral analysis
  • Threat intelligence feeds
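
As an added example (not part of the original page), the sketch below shows how the email authentication item can feed detection: it reads the SPF, DKIM and DMARC verdicts a receiving mail server records in the Authentication-Results header and ignores copies of that header stamped by any other host, since a sender can supply its own. The server name mx.example.net, the verdict labels returned by triage() and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: authserv-id stamped by your own receiving MTA (hypothetical name).
TRUSTED_AUTHSERV = "mx.example.net"
METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def auth_results(raw):
    """Collect SPF/DKIM/DMARC verdicts from trusted Authentication-Results headers."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        # Headers not stamped by our own MTA may be sender-supplied: skip them.
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue
        for method, verdict in METHOD_RE.findall(rest):
            if results[method.lower()] != "pass":  # any passing signature counts
                results[method.lower()] = verdict.lower()
    return results

def triage(raw):
    """Map the DMARC verdict to 'pass', 'fail' or 'unverified'."""
    dmarc = auth_results(raw)["dmarc"]
    return dmarc if dmarc in ("pass", "fail") else "unverified"

# Constructed sample messages, not real mail.
LEGIT = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=corp.example;\n"
    " dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example\n"
    "From: IT Helpdesk <helpdesk@corp.example>\n"
    "Subject: Maintenance window\n\nbody\n"
)
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=corp.example;\n"
    " dkim=none; dmarc=fail header.from=corp.example\n"
    "From: IT Helpdesk <helpdesk@corp.example>\n"
    "Subject: Password expires today\n\nbody\n"
)
FORGED_HEADER = (
    "Authentication-Results: mail.other.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: IT Helpdesk <helpdesk@corp.example>\n"
    "Subject: Password expires today\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("forged", FORGED_HEADER)]:
        print(name, auth_results(raw), triage(raw))
```

A message that triages as "unverified" carries no verdict from the trusted server, so it should go to further checks rather than be treated as authenticated.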

Mitigation

  • Multi-factor authentication (MFA)
  • Email security controls
  • Regular security training
  • Incident response plan
  • Monitor for compromised credentials