Phishing is a form of fraud in which the attacker tries to steal
sensitive information such as usernames, passwords, and credit card
details. The word is a neologism created as a homophone of fishing,
due to the similarity of using bait in an attempt to catch a victim.
The most common type of phishing scam, deceptive phishing, refers to any
attack in which fraudsters impersonate a legitimate company and attempt
to steal people’s personal information or login credentials.
Communications purporting to be from social web sites, auction sites,
banks, online payment processors or IT administrators are often used to
lure victims. Typically a victim receives a message that appears to have
been sent by a known contact or organization. An attachment or links in
the message may install malware on the user’s device or direct them to a
malicious website set up to trick them into divulging personal and
financial information, such as passwords, account IDs or credit card
details.
For example, PayPal scammers might send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that collects a user’s login credentials and delivers them to the attackers.
Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses. Although some phishing emails are poorly written and clearly fake, sophisticated cybercriminals employ the techniques of professional marketers to identify the most effective types of messages.
Phishing is constantly evolving to adopt new forms and techniques. With that in mind, it’s imperative that organizations conduct security awareness training on an ongoing basis so that their employees and executives stay on top of emerging phishing attacks.