# Phishing

**What is phishing?**

Phishing is an attempt to obtain credentials or money through faked messages. The message poses as a known sender and creates time pressure.

In spear phishing the message targets one specific person and uses real details from their working life. In CEO fraud the sender poses as management and orders an urgent transfer, often while travelling or just before the end of the day.

Technical filters catch part of the traffic. The rest comes down to two things: two-factor login, which largely devalues a stolen password, and a fixed process that ties every payment approval to a second person and a second channel.

## Related terms
- [Social engineering](https://vetosec.at/en/it-security/social-engineering/)
- [CEO fraud and invoice fraud](https://vetosec.at/en/it-security/ceo-fraud/)
- [Security awareness training](https://vetosec.at/en/it-security/awareness-schulung/)
- [SPF, DKIM and DMARC](https://vetosec.at/en/it-security/spf-dkim-dmarc/)

## Source
https://vetosec.at/en/it-security/phishing/ (vetosec, angriffe)
