What is Phishing?
Phishing is the use of malicious emails or links to trick people into handing over private information. Attackers then use this data to steal the victim’s online credentials and compromise their systems. The most common phishing attacks involve fake email messages from your bank, Microsoft, Apple, or other trusted organizations asking for personal data. Attackers also create fake websites that look authentic to lure people into handing over their credentials.
In a typical phishing attack, attackers impersonate an employee from a targeted organization. They may use a generic salutation like “Dear customer” or a name from the target organization’s staff directory to make their emails appear more credible. They will often request personal or confidential information to verify the identity of a potential victim or confirm an order. Once they have this data, criminals can access the target’s accounts to steal money or goods.
Attacks like this are usually carried out over email, but the same approach has also been used in phone calls (vishing), SMS messages (“smishing”), and social media. Attackers have even been known to use chatbots to boost phishing campaigns.
Attackers will often create a sense of urgency to push people into taking action. For example, an email from your bank might warn that your account will be frozen unless you click a link to verify information. Or they might imply that a service you use regularly (like PayPal, Netflix or Windows) is having problems and needs your help immediately.
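The warning signs described above (a generic salutation, urgent wording, a request to verify information, and a trusted brand name on a message that does not come from that brand) can be checked mechanically. The following is an added example, not part of the original page; the brand-to-domain map, the regex wording, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: a small brand -> legitimate domain map maintained by the defender.
BRAND_DOMAINS = {"paypal": "paypal.com", "netflix": "netflix.com",
                 "microsoft": "microsoft.com", "apple": "apple.com"}
GENERIC_SALUTATION = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
URGENCY = re.compile(r"\b(immediately|urgent(ly)?|will be (frozen|suspended|locked|closed))\b", re.I)
DATA_REQUEST = re.compile(
    r"\b(verify|confirm|update)\b.{0,40}\b(account|identity|information|password)\b", re.I | re.S)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_email):
    """Return the indicators found in a single-part, plain-text message."""
    msg = message_from_string(raw_email)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_host = address.rpartition("@")[2]
    body = msg.get_payload()
    hits = [label for label, rx in (("generic_salutation", GENERIC_SALUTATION),
                                    ("urgency", URGENCY),
                                    ("data_request", DATA_REQUEST)) if rx.search(body)]
    # Impersonation: the display name claims a brand the domains do not belong to.
    for brand, domain in BRAND_DOMAINS.items():
        if brand in display_name.lower():
            if not _under(sender_host, domain):
                hits.append("sender_domain_mismatch")
            if any(not _under(urlparse(u).hostname, domain) for u in URL.findall(body)):
                hits.append("link_domain_mismatch")
    return hits

# Constructed samples; .example hosts are placeholders.
SUSPICIOUS = ('From: "PayPal Support" <support@paypal-secure.example>\n'
              "Subject: Action required\n\n"
              "Dear customer,\n\nYour account will be frozen unless you verify your\n"
              "information immediately: http://paypal.account-check.example/login\n")
LEGITIMATE = ('From: "PayPal" <service@paypal.com>\n'
              "Subject: Your receipt\n\n"
              "Hello Jane Doe,\n\nYour receipt is at https://www.paypal.com/activity\n")

if __name__ == "__main__":
    for sample in (SUSPICIOUS, LEGITIMATE):
        print(phishing_indicators(sample))
```

No single indicator proves a message is phishing; the list is meant to be used as a triage signal alongside sender authentication results.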