Fraudulent process of attempting to acquire private or confidential information by masquerading as a trustworthy entity in an electronic communication.

  • NOTE Phishing can be accomplished by using social engineering or technical deception.

Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards


A digital form of social engineering to deceive individuals into providing sensitive information.

Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1.

Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies ( as of 11 November 2015, Global Standards



Type of security attack that lures victims to reveal information, by presenting a forged email to lure the recipient to a web site that looks like it is associated with a legitimate source.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard

Comments are closed.