Phishing
Phishing is a social engineering attack in which an adversary impersonates a trusted entity to deceive individuals into revealing credentials, clicking malicious links, or transferring funds. Phishing is one of the most common initial access vectors in both ransomware attacks and data breaches. In third-party cyber risk management, vendor employees are frequent phishing targets, making email security controls a key dimension of outside-in vendor assessment.