Phishing definition: What is phishing?
Phishing is a type of social engineering attack in which cyber criminals trick victims into giving away personal information, such as credit card numbers or passwords. Attackers typically use email or text messages to contact their victims and may even create fake websites that look like the real thing to steal sensitive information.
How does phishing work?
Phishing typically starts with an email or other online communication that looks like it comes from a trusted source, like a company you do business with or a government agency. The message may say there is a problem with your account or that you need to take some urgent action, like clicking a link.
If you click the link, you may be taken to a fake website that looks real. The fake website may ask you to enter personal information, like your username, password, or bank account numbers. If you enter this information, criminals can use it to steal your money or commit identity theft.
Types of phishing attack
Spear phishing involves malicious emails sent to a specific person. Criminals who do this will already have some or all of the following: the victim’s name, place of employment, job title, and email address, and even specific information about their job to make the scam more believable.
Whaling attacks are even more targeted, taking aim at senior executives. Although the goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler.
Vishing is phishing attacks that are carried out over the phone. These are usually done by an automated voice or a recorded message. If the person answers the call, they will be asked for personal or financial information.
Smishing is a common type of phishing attack that is carried out through SMS (short text messages). These messages usually direct the person to a fraudulent website, where they are asked to enter their personal information.
Angler phishing is an attack via social media in which scammers post a fake link on a community forum or in a blog, often in response to a genuine question or problem. The criminal’s goal is to get people to click the link, which takes them to a malicious website.