Phishing – The Attack Tactic That Tricks Victims Into Installing Malware Or Handling Confidential Information
Phishing is an attack tactic used by attackers to trick victims into either installing malware or handing over confidential information. It has evolved significantly over the years, and no longer focuses solely on email as cyber criminals can target a victim via a range of electronic communication methods, including social media and mobile devices.
Email still remains a large focus of attacks, but it is important to keep in mind that not all emails are legitimate. If an email asks for non-standard actions or contains spelling or grammatical errors, it is likely malicious. Spelling errors are an easy giveaway as most companies use professional copy writers or at least a spell checker for their official correspondence.
Often, attackers will create a sense of urgency in their communications by telling a victim they need to take action immediately. This tactic can be effective because the recipient may not have the time to carefully examine or verify the message’s contents.
In a more advanced form of phishing, attackers can even use their victim’s personal information to craft messages that appear to be from a trusted source, such as a colleague or family member. These tactics are known as spear phishing. One such attack that came to light in 2016 was when employees at the University of Kansas responded to a phishing email and handed over their paycheck deposit information. The attackers then used this to transfer money into the victim’s bank account.