What is Phishing?
Phishing is how cybercriminals try to steal personal information (user IDs, passwords, credit card data) and financial information from victims. It is a form of attack that involves email, but it has also been carried out via phone calls (so-called vishing) and through social media, text messaging services and apps.
It is possible for email filtering programs to identify many phishing attacks. But even the best spam filters can’t identify everything. And for those emails that slip past security programs, phishing is how attackers trick people into handing over their info.
Some phishing attacks are easy to spot: the aforementioned Twitter bot that sends private messages with shortened links that lead to malware. Others are more sophisticated, using pictures ripped from the internet or stock imagery to pose as someone on Facebook. They may play a long game, chatting with their target before sending a link requesting payment information.
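One heuristic a mail filter can apply to the shortened links mentioned above, shown as an added example that is not part of the original article: decode the message body first, then flag URLs whose host is on a list of shortening services. The function names, the non-exhaustive host list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of link-shortening services.
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample: quoted-printable body whose soft line break ("=\n")
# splits the shortened URL, so matching on the raw source would miss it.
SAMPLE = (
    "From: support@example.com\n"
    "Subject: Account notice\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    "Please confirm your details at https://bit.=\n"
    "ly/EXAMPLE1 today.\n"
    "Our policy page is https://www.example.com/policy.\n"
)


def extract_text(raw_message):
    """Return the decoded text/plain and text/html parts of a message."""
    msg = message_from_string(raw_message)
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, errors="replace"))
    return "\n".join(parts)


def shortened_links(raw_message):
    """Return the sorted, de-duplicated URLs whose host is a known shortener."""
    hits = set()
    for url in URL_RE.findall(extract_text(raw_message)):
        url = url.rstrip(".,;")  # drop trailing sentence punctuation
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            hits.add(url)
    return sorted(hits)


if __name__ == "__main__":
    print(shortened_links(SAMPLE))
```

A hit is a reason to expand the link safely or quarantine the message for review, not proof of phishing, since legitimate senders also use shorteners.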
For organizations, phishing is a major threat. It can trick employees into downloading malware, revealing sensitive information and sending money to attackers. Attackers can use that stolen info to gain privileged access to the organization’s infrastructure or compromise communications.
To keep attackers from getting your info, change your passwords frequently and don’t click on unfamiliar or unexpected attachments. Also, install firewalls that block malicious outgoing requests. Keep software and firmware up to date as well. This will reduce the number of exploitable bugs in your systems and prevent attackers from silently eavesdropping on your traffic to steal data or passwords.