---
type: "term"
title: "Phishing"
description: "A social engineering technique using deceptive communications (email, SMS, voice) to trick individuals into taking actions that compromise security."
resource: "tlctc:term:phishing"
tags:
  - "glossary"
---
# Phishing

A social engineering technique using deceptive communications (email, SMS, voice) to trick individuals into taking actions that compromise security. In TLCTC, phishing is the **delivery vector**, not a distinct threat category. The phishing lure/deception phase maps to `#9 Social Engineering`. Subsequent steps map to their respective clusters, depending on the payload:

- Credential harvesting: `#9 → #4` (phishing → identity theft)
- Malware delivery: `#9 → #7` (phishing → malware execution)
- Browser exploit: `#9 → #3` (phishing → client exploitation)
- Feature misconfiguration: `#9 → #1` (phishing → abuse of functions)

Variants include Spear Phishing, Whaling, Vishing, and Smishing.

**Reference:** V1.9.1 Clarifications, Buzz-Word Refinement (#9)

See also: Social Engineering (#9), Spear Phishing, Vishing, Smishing
