What is Phishing?
Phishing is an attack that tricks someone into handing over sensitive information, such as a credit card number or password. The attacker then uses that data to breach a system or account.
Phishers use fear to motivate people to act without thinking. They often claim to represent a company, the police, or another authority figure. They might also make an offer that sounds too good to be true. This can lead to a victim clicking a link in an email, which directs them to a fake website that looks like the real thing (and might even display a padlock icon). They enter their username and password on that site. That information then goes to the attacker, who can then access their bank accounts or steal other personal details.
The term phishing derives from the word “fishing,” and the first recorded mention of it was in a 1996 Usenet chat log. The first known phishing attack targeted the security systems of AOL, using a string of characters that matched a tag used in the chat logs.
It’s important to remember that phishing attacks can come from anywhere. While phishing has traditionally involved emails, the attacks have moved into other mediums, such as social media and instant messaging, or SMS phishing (aka smishing). For example, a recent phishing campaign claimed to be from Microsoft and asked victims to sign into their OneDrive accounts to verify their identity and allow them to share files.