CHAPTER 2 Phishing Terminology and Examples

Chapter 2 will define dozens of terms used when discussing phishing-related events. It will include examples of many different types of phishing. My hope is that everyone, whether new to phishing or not, will walk away with a stronger base understanding of what's possible with social engineering and phishing.

Social Engineering

Let's revisit the definition of social engineering from Chapter 1, “Introduction to Social Engineering and Phishing.” As used in this book, social engineering is a malicious scam in which a perpetrator, often pretending to be someone else, a group, or a brand that the potential victim implicitly trusts more than an unknown person, attempts to get the victim to perform an action that is contrary to their own interests.

Phish

As discussed in Chapter 1, phishing is a type of criminal social engineering that involves online digital media. Phishing can happen in many different ways, including email (the most popular method), voice calls, in-person, websites, text messages, instant messaging, collaboration apps, and social media. Figure 2-1 is an example of a common type of phishing email.

[Figure: a snapshot of a phishing email headed “Netfix.” The body reads “Your subscription is about to expire,” with an “Update profile” button below it.]

FIGURE 2-1 Example of a common type of phishing email.

In this example, a fake Netflix email is trying to get the potential victim's Netflix login credentials or credit card number. You can see that the originating ...
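The two tells in an email like this, a display name that claims a brand while the actual sender address and the link targets live on unrelated domains, can be checked mechanically. The following is an added example, not code from the book: it parses a constructed raw message (the addresses, domains and link below are made up for illustration, and the table of legitimate brand domains is an assumption), compares the claimed brand against the sender's domain, extracts the link hosts from the HTML body, and flags a host whose leading label is one edit away from the brand name, which is how a lure spelled “Netfix” is caught.

```python
"""Heuristic check for brand-impersonation phishing emails (added example)."""
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample lure: the display name says "Netflix", but neither the
# sender domain nor the link belongs to the brand. Not a real message.
SAMPLE_EMAIL = """\
From: "Netflix" <billing@account-update-mail.example>
To: victim@example.org
Subject: Your subscription is about to expire
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your subscription is about to expire.</p>
<a href="http://netfix-login.example/update">Update profile</a>
</body></html>
"""

# Assumption for the example: brands and the registrable domains they send
# from. A real deployment would load a curated list instead of hard-coding it.
BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
}


class LinkExtractor(HTMLParser):
    """Collect the href targets of <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def registrable_domain(host):
    """Crude last-two-labels approximation; no public-suffix list is used."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def one_edit_away(a, b):
    """True if b differs from a by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # deletion from a
        elif len(a) < len(b):
            j += 1          # insertion into a
        else:
            i += 1          # substitution
            j += 1
    edits += (len(a) - i) + (len(b) - j)
    return edits == 1


def analyze(raw):
    """Return a list of human-readable findings for a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    sender_domain = registrable_domain(address.split("@")[-1]) if "@" in address else ""
    findings = []

    # Which brand does the display name claim, and does the sender domain match it?
    claimed = next((b for b in BRAND_DOMAINS if b in display_name.lower()), None)
    if claimed and sender_domain not in BRAND_DOMAINS[claimed]:
        findings.append(f"display name claims {claimed!r} but sender domain is {sender_domain!r}")

    # Where do the body's links actually point?
    body = msg.get_body(preferencelist=("html", "plain"))
    extractor = LinkExtractor()
    extractor.feed(body.get_content() if body else "")
    for link in extractor.links:
        host = (urlparse(link).hostname or "").lower()
        if claimed and registrable_domain(host) not in BRAND_DOMAINS[claimed]:
            findings.append(f"link {link!r} points to {registrable_domain(host)!r}, not a {claimed} domain")
        # Lookalike: a hyphen-separated token of the first label is one edit from the brand.
        if claimed and claimed not in host:
            for token in host.split(".")[0].split("-"):
                if one_edit_away(claimed, token):
                    findings.append(f"host {host!r} looks like a misspelling of {claimed!r}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print(finding)
```

The domain check is deliberately crude (two trailing labels, no public-suffix list), so it will misjudge hosts under suffixes like `co.uk`; treat the findings as triage hints to pair with SPF, DKIM and DMARC results rather than as a verdict on their own.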
