What is Phishing?
Turkish: Oltalama (Phishing)
Phishing tricks users with fake messages or sites to steal passwords, payment data, or approval for unauthorized actions.
What is Phishing?
Phishing attacks impersonate a trusted company, manager, shipping provider, or payment service to convince a user to take the wrong action. The goal may be to steal a password, collect payment data, make the user open malware, or trigger a fraudulent approval flow.
The attack can arrive through email, SMS, social media messages, fake QR codes, search ads, or lookalike domains. More advanced campaigns proxy the real login flow and try to capture MFA codes through a MITM-style setup.
Prevention and Detection
On the email side, SPF, DKIM, and DMARC make domain impersonation harder and also affect email deliverability. Technical controls are not enough on their own; teams also need user reporting, suspicious domain monitoring, and second-channel verification for payment or approval workflows.
Phishing-resistant methods such as passkeys reduce the chance that a user can type a reusable password or one-time code into a fake site. In business processes, the most important defense is to avoid acting on high-risk requests based only on email instructions and to keep approvals inside auditable systems.
Related Terms
DMARC: DMARC combines SPF and DKIM results with domain policy and reporting so email senders can reduce spoofing and phishing risk.
Email Deliverability: Email deliverability measures whether sent messages reach the recipient's inbox instead of being rejected, delayed, or placed in spam.
Man-in-the-Middle Attack: A MITM attack intercepts traffic between two parties so an attacker can read, alter, or redirect communication without consent.
Ransomware: Ransomware is malware that encrypts systems or files, blocks access, and demands payment from the victim organization.