Phishing – Fishing For Sensitive Information
Phishing – fishing for sensitive information
The term “phishing” is derived from the words “fishing” and “hacking.” Cyber criminals use fake emails, websites, or advertisements to steal confidential personal data. They use these tactics to phish for information like passwords, bank account numbers, usernames, and credit card details.
Defending against phishing attacks requires a combination of technological, process and people-based mitigations to be effective. For example, if you want to encourage employees to report suspicious emails, it’s important that you have a technical means of doing so and a process for providing timely feedback on the email they submitted.
Spear phishing
A more targeted approach to phishing, spear phishing uses topics and themes that are relevant to your organisation. For instance, if your IT team has just had a high-profile hack, you may receive an email that looks like it’s from the technology vendor about resetting accounts.
Link manipulation
This is the simplest form of phishing, where malicious links are created to look like legitimate web resources. For example, the link in an email that says it’s from your bank’s website will actually be a URL shortening service, such as Bitly, that hides the destination address.
Angler phishing
Scammers take advantage of people with unresolved customer complaints to collect information about them, including usernames and passwords. They then use this data to break into their victims’ accounts and steal their money.