What is Phishing?
Phishing is the name for a type of social engineering attack where an attacker impersonates a trusted source, such as a bank, service provider, retailer or government agency, to trick a victim into providing sensitive information. Attackers use tactics such as fear and a sense of urgency to manipulate victims into taking action without thinking it through. This could include clicking a link, entering their login credentials into a fake webpage or downloading a malicious attachment that automatically installs malware on the victim’s device.
Often, the most convincing phishing attacks are not obvious at first glance. For example, attackers may use misspelled words or jumbled URLs to make the fake message appear authentic. In addition, attackers are increasingly using technical code buried within an email or message to hijack the victim’s device and take them to a malicious site.
Attackers also impersonate trusted sources over the telephone and through instant messaging and other social media platforms. Often, the attacks use tactics such as voice impersonation and artificial intelligence to sound like the real thing. This type of phishing is called spear phishing because it requires specific knowledge about an organization and its power structure to be effective.
The attackers behind a successful phishing attack can steal everything they need to ransack a company or individual’s personal and business accounts, including usernames, passwords, financial information and more. The results of a phishing attack can be devastating. With the information they steal, fraudsters can drain a victim’s bank account, run up bills on credit cards and even create identity theft in their names.