
Phishing

Phishing is an attack that manipulates a person into revealing sensitive information or performing a dangerous action, by impersonating a trusted party. It is the most widespread intrusion vector, now amplified by artificial intelligence.

Updated on July 2, 2026

What is phishing?

Phishing is a social-engineering technique: rather than attacking a machine, the attacker manipulates a person. By posing as a legitimate party (a bank, a colleague, a supplier), they induce the target to click a booby-trapped link, open a malicious attachment, enter credentials or make a payment.

It is often the first step of a broader attack: access gained through phishing is then used to move through the system, deploy ransomware or exfiltrate data.

Why it matters for your organization

Phishing remains the most common entry point for cyberattacks, precisely because it bypasses technical defenses by targeting the human. A single deceived person can be enough to compromise an entire organization.

The arrival of generative AI has made these attacks far more credible and personalized. The usual tells, such as language errors, disappear, and deepfakes add a layer of deception over voice and image.

How to reduce the risk

  • Multi-factor authentication to limit the impact of a stolen credential.
  • Continuous awareness and realistic simulation exercises.
  • Email filtering and mailbox protection (SPF, DKIM, DMARC).
  • Verification procedures for sensitive requests, notably transfers.
  • Easy reporting so employees raise the alarm quickly when in doubt.

Where organizations most often fall short

The classic mistake is betting everything on training in the hope of a zero click rate, an unrealistic goal. It is better to assume a phishing attempt will eventually succeed and limit the consequences through multi-factor authentication, segmentation and verification procedures. The other pitfall is neglecting business email compromise, which often contains no link or attachment to detect.
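Because a business email compromise message may carry no link or attachment, detection has to rely on the headers. The sketch below is an added example, not FortaRisks code: it combines the DMARC verdict recorded by the receiving server with two header mismatches. `ORG_DOMAIN`, `TRUSTED_AUTHSERV`, `EXEC_NAMES` and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example; replace with your own.
ORG_DOMAIN = "example.com"
TRUSTED_AUTHSERV = "mx.example.com"   # authserv-id stamped by your own inbound MTA
EXEC_NAMES = {"alice martin"}          # display names worth protecting

def domain_of(header_value):
    """Lowercased domain of the address in a From/Reply-To header ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_signals(raw):
    """Return header-only warning signs for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    signals = set()
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    # Trust only our own server's Authentication-Results; a sender can forge one.
    trusted = [h for h in msg.get_all("Authentication-Results", [])
               if h.split(";")[0].strip().lower().split(" ")[0] == TRUSTED_AUTHSERV]
    m = re.search(r"\bdmarc=(\w+)", " ".join(trusted).lower())
    if not m or m.group(1) != "pass":
        signals.add("dmarc-not-pass")
    # Executive display name on an address outside the organization.
    if display_name.lower() in EXEC_NAMES and from_dom != ORG_DOMAIN:
        signals.add("exec-name-external-domain")
    # Replies routed to a different domain than the visible sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        signals.add("reply-to-mismatch")
    return signals

# Constructed sample messages: neither contains a link or an attachment.
LEGIT = """\
From: Alice Martin <alice.martin@example.com>
Authentication-Results: mx.example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

See you Thursday.
"""
BEC = """\
From: Alice Martin <alice.martin@partner-mail.test>
Reply-To: a.martin@freemail.test
Subject: Urgent transfer
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=partner-mail.test; dmarc=none header.from=partner-mail.test

Are you at your desk? I need a transfer handled today.
"""
```

These signals are triage hints rather than verdicts: many legitimate external senders publish no DMARC policy, so a hit should route the message to the verification procedure, not block it outright.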

Frequently asked questions

What are the main forms of phishing?

Mass phishing targets many recipients. Spear phishing targets a specific person with a personalized message. Smishing uses SMS, vishing uses voice. Business email compromise, or BEC, impersonates an executive to order a transfer or an urgent action.

How does AI change phishing?

Generative AI removes the signals that once gave a lure away: spelling mistakes, awkward phrasing, inconsistencies. It produces credible messages at scale, in every language, and adds voice or video deepfakes. Vigilance based on message quality alone is no longer enough.
