Phishing – What is Phishing?
Phishing is an attack that attempts to trick victims into clicking on a link or attachment that will deliver malware and/or take them to a fake website where they will be asked to hand over sensitive information. These attacks often use emotional manipulation and rely on a victim’s sense of curiosity or fear to coax them into acting without thinking.
For example, the classic “URGENT message from your bank” or “You’ve won a lottery!” messages try to scare victims into making a mistake and handing over their passwords. These messages also target specific people and companies, using their real name and logo to fool the victim into believing they are dealing with a trusted source.
Other phishing attacks, known as spear phishing, target specific people and businesses and are often more sophisticated. For example, a cyber criminal can pose as a supplier or even the company CEO to coax employees into making large financial transfers into the criminal's accounts. This type of phishing is often known as business email compromise (BEC).
A good rule of thumb is that if something is out of the ordinary, unexpected or out of character, don’t click on it! Check out this great KnowBe4 resource that outlines 22 social engineering red flags to look out for. Similarly, if an email comes from someone you normally do business with and asks for personal or financial information, contact them directly via another channel to confirm they sent the email.