menu_book Tactic

Phishing

Also known as: Phishing attack

Phishing is a social-engineering attack that deceives victims into revealing credentials or running malware, usually through fraudulent emails, messages, or websites. It is a primary delivery vector for infostealers and a leading cause of credential compromise.

What is phishing?

Phishing uses deception — emails, texts, or fake websites impersonating trusted entities — to trick people into entering credentials or opening malicious attachments. Targeted variants include spear phishing (specific individuals) and business email compromise.

Phishing and infostealers

Many infostealers (Agent Tesla, Snake Keylogger, FormBook) are delivered via phishing attachments. Phishing also directly harvests credentials through fake login pages, feeding the same credential-theft economy as infostealer logs.

How VantaPrism Tracks Phishing

Whether credentials are lost to a phishing page or a phishing-delivered stealer, VantaPrism surfaces the resulting exposures when stolen data reaches monitored channels.

Check Your Exposure arrow_forward

Frequently Asked Questions

How is phishing connected to infostealers?

expand_more

Phishing emails are a common way to deliver infostealer attachments, and phishing pages directly harvest credentials — both feed the credential-theft economy.

Related Terms

Infostealer Malware arrow_outward

Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…

Credential Theft arrow_outward

Credential theft is the act of stealing authentication data — usernames, passwords, tokens, and session cookies — so…

Compromised Credentials arrow_outward

Compromised credentials are usernames and passwords that have been exposed to unauthorized parties — frequently throu…

Agent Tesla arrow_outward

Agent Tesla is a long-established .NET-based infostealer and remote access tool that logs keystrokes, captures screen…

← All Glossary Terms Last reviewed: June 2026