Phishing

Security Glossary - Email Authentication

Definition: Phishing is a social engineering attack where attackers impersonate a trusted entity to trick victims into revealing sensitive information (passwords, credit card numbers) or performing actions (clicking malicious links, downloading malware). It typically occurs through email but also via SMS (smishing), phone calls (vishing), and fake websites.

Why Phishing Matters

Phishing is consistently the most common initial attack vector for security breaches. Attackers target employees, customers, and website visitors using emails that impersonate the organization. A phishing email from what appears to be your domain damages your brand trust even if your systems were not compromised.

Email authentication (SPF, DKIM, DMARC) is the primary technical defense against email-based phishing that spoofs your domain. When your domain has DMARC with p=reject, receiving servers block emails that fail authentication, preventing most domain-spoofing phishing attacks from reaching inboxes.

Beyond email authentication, protecting your users from phishing requires HTTPS (so users can verify they are on your real site), clear communication channels (so users know how you will contact them), and security awareness. Google Safe Browsing and domain reputation monitoring can alert you if your domain or lookalike domains are flagged for phishing.

Testing Your Configuration

Check your domain's email authentication with a DNS health checker (SPF, DKIM, DMARC). Monitor Google Safe Browsing status and domain reputation. Use Certificate Transparency logs to detect phishing sites using certificates for lookalike domains.
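The following script, added here as an illustration and not part of the original glossary or any DomainOptic tooling, shows what a DNS health checker looks for in the SPF and DMARC TXT records described above. It works on constructed sample records (example.com and weak.example are placeholders, not real lookups) so it runs offline; swapping the dictionary for live TXT answers from a resolver library is the only change needed to check a real domain.

```python
"""Offline assessment of SPF and DMARC TXT records (constructed sample data)."""
import re

# Constructed sample DNS TXT answers standing in for what a resolver would
# return for example.com and _dmarc.example.com; these are not real records.
SAMPLE_TXT = {
    "example.com": [
        "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all",
    ],
    "_dmarc.example.com": [
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100",
    ],
    "_dmarc.weak.example": [
        "v=DMARC1; p=none; rua=mailto:reports@weak.example",
    ],
}


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into tag/value pairs (tag names lower-cased)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return findings explaining why a DMARC record would not stop spoofing.

    An empty list means the record enforces: v=DMARC1, p=reject, and the
    policy applies to 100% of failing mail.
    """
    tags = parse_dmarc(record)
    findings = []
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("missing or invalid v=DMARC1 tag")
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"policy is p={policy or 'missing'}; only p=reject blocks spoofed mail")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct} leaves some failing mail un-enforced")
    if "rua" not in tags:
        findings.append("no rua= address; you will not receive aggregate reports")
    return findings


def spf_terminal_qualifier(record: str) -> str:
    """Return the qualifier on the 'all' mechanism ('-', '~', '?', '+') or '' if absent."""
    if not record.lower().startswith("v=spf1"):
        return ""
    for term in record.split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"  # a bare 'all' means '+all'
    return ""


def check_domain(domain: str, txt_lookup=SAMPLE_TXT) -> dict:
    """Summarise SPF and DMARC posture for a domain from its TXT answers."""
    spf = [r for r in txt_lookup.get(domain, []) if r.lower().startswith("v=spf1")]
    dmarc = [r for r in txt_lookup.get(f"_dmarc.{domain}", []) if r.upper().startswith("V=DMARC1")]
    result = {"spf_present": bool(spf), "spf_all": "", "dmarc_present": bool(dmarc), "dmarc_findings": []}
    if len(spf) == 1:
        result["spf_all"] = spf_terminal_qualifier(spf[0])
    elif len(spf) > 1:
        result["spf_all"] = "multiple"  # more than one SPF record is a permanent error
    if dmarc:
        result["dmarc_findings"] = assess_dmarc(dmarc[0])
    else:
        result["dmarc_findings"] = ["no DMARC record published"]
    return result


if __name__ == "__main__":
    for d in ("example.com", "weak.example"):
        print(d, check_domain(d))
```

A domain whose result has `spf_all` of `-` and an empty `dmarc_findings` list is in the posture the glossary recommends; `p=none` or `p=quarantine`, a `pct` below 100, or a missing record each show up as a separate finding so they can be fixed one at a time.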

Real-World Example

In 2020, the Twitter Bitcoin scam compromised high-profile accounts (Barack Obama, Elon Musk, Apple) through a phone-based spear phishing attack targeting Twitter employees. Attackers used social engineering to obtain internal tool credentials, then posted cryptocurrency scam messages from verified accounts, collecting over $100,000 in Bitcoin within hours.

Frequently Asked Questions

How does DMARC help prevent phishing?

DMARC with p=reject tells receiving mail servers to block emails that fail authentication - meaning emails that claim to be from your domain but were not sent by your authorized servers. This prevents attackers from spoofing your exact domain in phishing emails.

Can DMARC prevent all phishing?

No. DMARC prevents spoofing of your exact domain, but attackers can still use lookalike domains (like examp1e.com instead of example.com). DMARC also cannot prevent phishing emails that do not spoof your domain. It is one layer in a multi-layered defense.

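Because DMARC cannot cover lookalike domains, the Certificate Transparency monitoring mentioned under Testing Your Configuration needs a way to decide which newly certified names resemble yours. The script below is an added example (not code from this glossary or from DomainOptic) of such a classifier: it folds confusable characters such as the digit 1 in examp1e.com into a "skeleton", then compares skeletons by edit distance and checks whether your name appears as a label inside a longer domain. The protected-domain list and the confusable table are constructed for illustration and are deliberately small.

```python
"""Classify candidate domains as exact, lookalike, or unrelated (added example)."""
import re
import unicodedata

# Character sequences commonly substituted for a letter they resemble.
# Multi-character entries are replaced first so "rn" collapses to "m" before
# the single-character pass. Constructed list, not exhaustive.
CONFUSABLE_SEQUENCES = [("rn", "m"), ("vv", "w"), ("cl", "d")]
CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                                  "7": "t", "8": "b", "|": "l"})

# Constructed list of domains you own and want to watch for impersonation.
PROTECTED_DOMAINS = ["example.com"]


def skeleton(domain: str) -> str:
    """Normalise a domain so visually similar spellings collapse together."""
    d = domain.lower().strip(".")
    # Fold accented or non-ASCII letters to their closest ASCII base (ä -> a).
    d = unicodedata.normalize("NFKD", d).encode("ascii", "ignore").decode()
    for seq, repl in CONFUSABLE_SEQUENCES:
        d = d.replace(seq, repl)
    return d.translate(CONFUSABLE_CHARS)


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(candidate: str, protected=PROTECTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'exact', 'lookalike', or 'unrelated' for a candidate domain."""
    cand = candidate.lower().strip(".")
    # The domain itself or one of its own subdomains is not an impersonation.
    if cand in protected or any(cand.endswith("." + p) for p in protected):
        return "exact"
    cand_sk = skeleton(cand)
    for p in protected:
        p_sk = skeleton(p)
        # Same skeleton or one edit away: examp1e.com, exarnple.com, example.co
        if cand_sk == p_sk or levenshtein(cand_sk, p_sk) <= max_distance:
            return "lookalike"
        # Brand name used as a label elsewhere: example-login.com,
        # example.com.evil.net, example.org (TLD swap)
        p_name = p_sk.split(".")[0]
        if p_name in re.split(r"[.-]", cand_sk):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample of names as they might appear in a CT log feed.
    for name in ("mail.example.com", "examp1e.com", "exarnple.com",
                 "example-login.com", "example.org", "unrelated.org"):
        print(f"{name:20} {classify(name)}")
```

Feeding each new certificate subject name into `classify` and alerting on `lookalike` gives a practical first-pass filter; a skeleton match is a much stronger signal than a single edit, so in production the two conditions are worth reporting separately.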
Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.