Phishing

While email is the primary vector, phishing has evolved across multiple platforms:

• Smishing (SMS Phishing): Malicious links sent via text message (e.g., "Your package delivery failed, click here").
• Vishing (Voice Phishing): Fraudulent phone calls, often using AI-generated voices to impersonate bank officials or tech support.
• Angler Phishing: Fake social media accounts that "intercept" customer service complaints to steal account access.

• Mismatched URLs: Hover your mouse over a link. If the text says bankofamerica.com but the link points to login-secure-update.net, it’s a scam.
• Urgent or Threatening Language: Phrases like "Account suspended" or "Action required within 2 hours" are designed to make you act without thinking.
• Generic Salutations: Legitimate companies you do business with will usually address you by your first name rather than "Dear Valued Customer."

Phishing is the most common form of social engineering. Attackers send emails that appear to come from legitimate sources, such as banks, vendors, or internal IT departments, asking recipients to click links, open attachments, or provide credentials. Most breaches rely on the human element, that is, they need someone at the other end through which they can operate. This includes phishing, pretexting, credential abuse, errors, and interactions with malware.

AI-powered attacks have made phishing more convincing. Attackers now use large language models to write grammatically correct emails in multiple languages, craft personalized messages based on scraped social media data, and generate realistic voice calls that mimic executives or colleagues. The WatchGuard Internet Security Report (H2 2025) noted a rise in phishing campaigns using malicious PowerShell scripts to stage "Malware-as-a-Service" tools, such as Remote Access Trojans (RATs)., indicating that attackers shifted toward social engineering tactics to execute their campaigns.