
What Is Phishing? 

Phishing is a type of cyber attack where an attacker, posing as a trusted entity, contacts a victim and lures them into giving up sensitive information such as credit card details and passwords.

Deeper Definition

Phishing is a cyber attack that uses deception to gather sensitive information from victims. The information collected is then used to access essential accounts. This may result in the victim’s identity being stolen or cause them financial loss.

Phishing is one of the oldest types of cyberattacks. It dates back to the 1990s, when hackers tricked AOL users into giving up their login credentials. A convincing phishing attack mirrors a trusted entity so well that victims have no reason to suspect any foul play.

Generally, phishing works by the attacker disguising themselves as a trusted entity. Some types of phishing include:

  • Spear Phishing: The attacker, in this case, customizes their attack message to trick the recipient into believing that they have a connection with them. For instance, the message may contain information that would make the recipient think it is from a co-worker.
  • CEO fraud: The attacker, posing as a senior executive, sends a message to employees at an organization asking them to perform a specific action, usually the wiring of money to an offshore account.
  • Vishing: This is otherwise known as “voice phishing.” It is an attack conducted over the phone where the attacker mimics an entity to steal sensitive data from a victim or get them to transfer funds. 
  • Page hijacking: In this ploy, the attacker compromises a legitimate webpage and redirects users to a malicious website they created to steal information.

Phishing Example 

John gets an email that appears to come from his email provider. It asks him to click a link to reset his password because his current password is not secure. He follows the link to a webpage where he fills in a form asking for his old and new passwords. An hour later, Steve, a friend of John, gets an email from John asking him for a loan. Before sending the money to the specified bank details, Steve decides to call his friend to say some kind words. However, on the call, John reveals that everything is fine and that he didn’t send any mail requesting a loan.

In the above instance, John’s email account was compromised when he filled in a fake form from an attacker posing as his email provider. The attacker was unsuccessful because Steve called John before taking action. Often, people send the money thinking their friend needs help, only to realize later that it was a spear-phishing attack.
