What Is Phishing?
A social engineering attack where an attacker impersonates a trusted entity to trick victims into revealing sensitive information (credentials, financial data) or performing harmful actions (clicking malicious links, downloading malware). Phishing typically occurs via email but also through SMS, phone calls, and fake websites.
In Laravel Applications
Protect your Laravel application's users from phishing by implementing SPF/DKIM/DMARC (preventing email spoofing from your domain), preventing subdomain takeovers (which can host fake login pages), and using HTTPS everywhere.
Example
An attacker takes over an abandoned subdomain (for example staging.yourapp.com) and hosts a fake login page on it, which looks legitimate because it sits under your domain. They then send emails that appear to come from your domain (possible when no DMARC policy is enforced) directing users to the fake page.
Related Terms
SPF, DKIM, and DMARC
Three complementary email authentication standards that together help prevent email spoofing. SPF (Sender Policy Framework) is a DNS record listing which servers are allowed to send email for your domain. DKIM (DomainKeys Identified Mail) adds a cryptographic signature so receivers can verify that a message was sent by the signing domain and was not altered in transit. DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers how to handle mail that fails the SPF and DKIM checks, and where to send reports about it.
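The following added example (not from this glossary or from StackShield) shows how the three records fit together by checking a domain's SPF, DKIM and DMARC TXT records for the settings that still leave it spoofable. The domain yourapp.com, the DKIM selector `mail`, the `_spf.example-mailer.test` include target and every record value are constructed for the example, and lookups run against an in-memory dict rather than live DNS.

```python
"""Check a domain's SPF, DKIM and DMARC TXT records for settings that still
allow spoofing. Added example; all record values below are constructed, not
real DNS data, and lookups are done against an in-memory dict."""

# Constructed TXT records for the hypothetical domain yourapp.com.
SAMPLE_RECORDS = {
    "yourapp.com": ["v=spf1 include:_spf.example-mailer.test ~all"],
    "mail._domainkey.yourapp.com": ["v=DKIM1; k=rsa; p=CONSTRUCTED_PUBLIC_KEY"],
    "_dmarc.yourapp.com": ["v=DMARC1; p=none; rua=mailto:dmarc@yourapp.com"],
}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism) pairs and the 'all' qualifier."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, all_qualifier = [], None
    for term in terms[1:]:
        qualifier = "+"  # SPF's default qualifier is "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append((qualifier, term))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC records."""
    tags = {}
    for pair in record.split(";"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_email_auth(domain, records, dkim_selector):
    """Return a list of findings; an empty list means no weak setting was found."""
    findings = []

    spf = [r for r in records.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: no record, receivers cannot tell which servers may send for this domain")
    else:
        all_q = parse_spf(spf[0])["all"]
        if all_q in (None, "+", "?"):
            findings.append("SPF: missing or permissive 'all' term, unlisted servers are not failed")
        elif all_q == "~":
            findings.append("SPF: softfail (~all), spoofed mail is only marked, not rejected")

    dkim = records.get(f"{dkim_selector}._domainkey.{domain}", [])
    dkim_tags = parse_tags(dkim[0]) if dkim else {}
    if not dkim_tags.get("p"):  # absent record, or revoked (empty) key
        findings.append(f"DKIM: no usable public key at selector '{dkim_selector}'")

    dmarc = records.get(f"_dmarc.{domain}", [])
    dmarc_tags = parse_tags(dmarc[0]) if dmarc else {}
    if dmarc_tags.get("v") != "DMARC1":
        findings.append("DMARC: no record, receivers have no policy for mail that fails SPF/DKIM")
    else:
        if dmarc_tags.get("p", "none") == "none":
            findings.append("DMARC: p=none, mail that fails authentication is still delivered")
        if "rua" not in dmarc_tags:
            findings.append("DMARC: no rua address, you will not receive aggregate reports")

    return findings


if __name__ == "__main__":
    for finding in assess_email_auth("yourapp.com", SAMPLE_RECORDS, "mail"):
        print(finding)
```

With the constructed records the check reports two findings: the SPF record ends in `~all` (softfail) and the DMARC policy is `p=none`, which is exactly the combination under which a spoofed message from your domain is marked but still delivered. Changing them to `-all` and `p=reject` (with `rua` kept so reports keep arriving) clears both findings.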
Subdomain Takeover
A vulnerability where a DNS record (usually a CNAME) points to an external service that is no longer controlled by the domain owner. An attacker can claim the abandoned service and serve their own content on the subdomain, which appears to be part of the legitimate domain.
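As an added example (not from this glossary or from StackShield), here is the check a defender would run over their own zone to catch the dangling-CNAME precondition before anyone else does. The zone entries, the hostnames under `yourapp.com`, the `.test` service names and the resolver snapshot are all constructed; only when no snapshot is passed does the code fall back to a live `socket.getaddrinfo` lookup.

```python
"""Find CNAME records whose target no longer resolves, the precondition for a
subdomain takeover. Added example; the zone and resolver data are constructed,
and the live lookup path is only used when no fixture is supplied."""

import socket

# Constructed zone for the hypothetical yourapp.com: subdomain -> CNAME target.
SAMPLE_ZONE = {
    "www.yourapp.com": "lb.yourapp.com",
    "staging.yourapp.com": "old-preview.hosting-provider.test",  # abandoned third-party service
    "docs.yourapp.com": "yourapp.docs-host.test",
    "legacy.yourapp.com": "retired-box.yourapp.com",             # internal host that was deleted
}

# Constructed snapshot of what currently resolves (stands in for the resolver).
SAMPLE_RESOLVABLE = {"lb.yourapp.com", "yourapp.docs-host.test"}


def resolves(hostname, resolvable=None):
    """True if hostname has an address. With no fixture, do a live DNS lookup."""
    if resolvable is not None:
        return hostname in resolvable
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def is_external(target, apex):
    """A target outside your own apex zone is one someone else could claim."""
    return not (target == apex or target.endswith("." + apex))


def find_dangling_cnames(zone, apex, resolvable=None):
    """Return a sorted list of (subdomain, target, external) for unresolvable targets.

    External targets are the takeover risk: the third-party service may let a
    new customer register that name. Internal ones are stale records rather
    than takeovers, but they should still be removed."""
    dangling = []
    for subdomain, target in zone.items():
        if not resolves(target, resolvable):
            dangling.append((subdomain, target, is_external(target, apex)))
    return sorted(dangling)


if __name__ == "__main__":
    for sub, target, external in find_dangling_cnames(SAMPLE_ZONE, "yourapp.com", SAMPLE_RESOLVABLE):
        kind = "TAKEOVER RISK" if external else "stale internal record"
        print(f"{kind}: {sub} -> {target}")
```

A target that no longer resolves is the clearest signal, but not the only one: some providers keep answering for a deprovisioned name while serving an "unclaimed" page, so this check is best paired with a review of resources that were deleted from your hosting or cloud accounts, and the matching DNS records removed in the same change.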
Related Articles
PHP Supply Chain Attacks: How Malicious Packages Sneak Into composer.json
Typosquatting, dependency confusion, and hijacked maintainer accounts. A breakdown of how PHP supply chain attacks work, real incidents, and what you can do to protect your Composer dependencies.
Subdomain Takeover: How Dangling DNS Records Put Your Laravel App at Risk
Dangling DNS records are one of the most overlooked attack vectors in Laravel deployments. Learn how subdomain takeover works, why deprovisioned cloud resources create exploitable gaps, and how to protect your application.
Laravel CORS Misconfiguration: How Wildcard Origins Let Any Site Call Your API
Your Laravel CORS config might be letting any website make authenticated API calls as your users. We break down the 3 most dangerous cors.php misconfigurations, show how attackers exploit them, and give you the exact fix for each one.
Monitor Your Laravel Application's Security
StackShield continuously checks your Laravel application from the outside, catching security issues before attackers find them.