What is Phishing?
Phishing is a form of cyber crime that uses email, social networking and SMS text messages to gain access to private information. This includes usernames and passwords, bank accounts, credit card details, or other sensitive data.
The phisher may also use public sources of information to collect background data on the victim, such as social media profiles. This makes it easier to craft a believable message and deceive the target into giving away confidential information or installing malware on their device.
In a typical phishing attack, the phisher poses as an official company account. The message includes the company logo, address and contact email address, and it is well written and correctly formatted.
These messages are often sent to victims who are new to a particular service. The victim is tricked into clicking a link that leads to a fake website. The fake website will install malicious software on the victim’s device, which is then used to steal their banking details.
Another common type of phishing is clone phishing, where the attackers create a copy of a legitimate email and replace the links or attachments with malicious substitutions. This allows them to hijack the victim’s systems and gain access to confidential information (Ollmann, 2004).
Spear phishing is a more targeted form of phishing in which the threat actor goes after a specific individual or organization. This usually requires specialized knowledge about the target, such as their job title and organizational power structure.