What is a phishing attack?

Phishing is a form of fraud in which the attacker tries to steal sensitive information such as usernames, passwords, and credit card details. The word is a neologism coined as a homophone of "fishing", because the attacker uses a bait in an attempt to catch a victim. The most common type of phishing scam, deceptive phishing, refers to any attack in which fraudsters impersonate a legitimate company and attempt to steal people's personal information or login credentials.

Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or link in the message may install malware on the user's device or direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.

For example, scammers impersonating PayPal might send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that collects the user's login credentials and delivers them to the attackers.

Phishing is popular with cybercriminals because it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than to break through a computer's defenses. Although some phishing emails are poorly written and clearly fake, sophisticated cybercriminals employ the techniques of professional marketers to identify the most effective types of messages.

At the same time, phishing is constantly evolving to adopt new forms and techniques. With that in mind, it is imperative that organizations conduct security awareness training on an ongoing basis so that their employees and executives stay on top of emerging phishing attacks.
