Phishing

Phishing is a form of social engineering and cybercrime where attackers attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.  

Key Characteristics:

  • Deception: Phishing relies on deception to trick victims into revealing sensitive information or performing actions that compromise their security.
  • Social Engineering: It exploits human psychology and trust to manipulate victims into taking actions they wouldn’t normally take.  
  • Impersonation: Attackers often impersonate legitimate entities, such as banks, social media platforms, or government agencies.
  • Urgency: Phishing emails often create a sense of urgency to pressure victims into acting quickly and without careful consideration.

Common Phishing Tactics:

  • Email Phishing: The most common method, involving emails that appear to be from legitimate sources, often with urgent requests or warnings.
  • Smishing: Phishing attacks delivered via SMS text messages.
  • Vishing: Phishing attacks conducted over the phone.
  • Spear Phishing: Targeted phishing attacks directed at specific individuals or organizations.
  • Whaling: A type of spear phishing that targets high-level executives within an organization.

Examples:

  • Email from a fake bank: An email claiming to be from a bank warns of suspicious activity on your account and asks you to click on a link to verify your identity.
  • Text message from a shipping company: A text message informs you that your package delivery has been delayed and asks you to click on a link to reschedule.
  • Fake social media login page: A malicious website that mimics the login page of a social media platform to steal user credentials.

Impact of Phishing:

  • Data Breaches: Leads to the theft of sensitive personal and financial information.
  • Identity Theft: Stolen information can be used for identity theft and financial fraud.
  • Financial Loss: Victims may suffer financial losses due to unauthorized transactions or fraudulent activities.
  • Reputational Damage: Organizations can suffer reputational damage if their customers are targeted by phishing attacks.
  • System Compromise: Phishing attacks can be used to install malware on victims’ devices, allowing attackers to gain control of their systems.

Prevention and Mitigation:

  • Employee Training: Educate employees about phishing tactics and how to identify and avoid suspicious emails, messages, and websites.
  • Strong Passwords: Use strong, unique passwords for all online accounts.
  • Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security to online accounts.
  • Be Wary of Suspicious Emails and Messages: Carefully scrutinize emails and messages for any signs of suspicious activity, such as grammatical errors, unexpected requests, or suspicious links.
  • Verify the Sender: Always verify the sender’s email address and website before clicking on any links or opening any attachments.
  • Use Anti-phishing Software: Utilize anti-phishing software and browser extensions to help detect and block phishing attacks.

Phishing is a constant threat, and it’s crucial to stay vigilant and practice safe online behavior to protect yourself from these attacks.
