Phishing
Data Protection
Definition
A cybercrime where targets are contacted by email, phone or text by someone posing as a legitimate institution.
Technical Details
Phishing is a form of cybercrime that involves fraudulent attempts to obtain sensitive information such as usernames, passwords, credit card numbers, and other personal data by masquerading as a trustworthy entity in electronic communications. This is typically performed through emails, text messages, or phone calls. Phishing attacks often employ social engineering tactics to induce fear, urgency, or curiosity to trick victims into clicking malicious links or providing confidential information. Techniques used in phishing include email spoofing, domain spoofing, and the use of fake websites that imitate legitimate ones to harvest user credentials.
Practical Usage
Attackers use phishing predominantly to compromise user accounts and gain unauthorized access to sensitive data. Organizations implement anti-phishing measures such as employee training, email filtering, and multi-factor authentication to mitigate the risk of successful phishing attacks. Additionally, cybersecurity awareness programs aim to educate users on recognizing phishing attempts and reporting them. Real-world applications include implementing DMARC (Domain-based Message Authentication, Reporting & Conformance) to protect against email spoofing and using security software that identifies and blocks phishing attempts.
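The DMARC protection mentioned above depends on alignment: an SPF or DKIM pass only counts when the authenticated domain matches the domain shown in the From header. The following is an added example, not part of the original entry, that applies relaxed alignment to constructed messages; the gateway name mx.receiver.example, the sample domains, and the two-label organizational-domain shortcut are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.receiver.example"  # assumption: authserv-id of our own gateway

def org_domain(domain):
    # Assumption: last two labels approximate the organizational domain;
    # a production check would consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_aligned(raw_message):
    """Return (verdict, reason) using relaxed DMARC alignment on trusted results."""
    msg = message_from_string(raw_message)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not from_dom:
        return False, "no From domain"
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in header.split(";")]
        authserv = (parts[0].split() or [""])[0].lower()
        if authserv != TRUSTED_AUTHSERV:
            continue  # stamped by someone else, possibly the sender: ignore
        for clause in parts[1:]:
            m = re.match(r"(spf|dkim)=pass\b", clause)
            if not m:
                continue
            key = "smtp.mailfrom" if m.group(1) == "spf" else "header.d"
            ident = re.search(re.escape(key) + r"=(\S+)", clause)
            if ident and org_domain(ident.group(1).rpartition("@")[2]) == org_domain(from_dom):
                return True, m.group(1) + " pass, aligned with " + from_dom
    return False, "no aligned spf/dkim pass for " + from_dom

# Constructed sample messages (not real traffic).
LEGIT = (
    "Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=bounce.bank.example;\n"
    " dkim=pass header.d=bank.example\n"
    "From: Bank <alerts@bank.example>\nSubject: Statement ready\n\nbody\n")
SPOOFED = (  # SPF passes, but only for the sender's own envelope domain
    "Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example;\n"
    " dkim=none\n"
    "From: Bank <alerts@bank.example>\nSubject: Verify your account\n\nbody\n")
FORGED_HEADER = (  # sender pre-inserted a header with a foreign authserv-id
    "Authentication-Results: mx.other.example; dkim=pass header.d=bank.example\n"
    "From: Bank <alerts@bank.example>\nSubject: Verify your account\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("forged", FORGED_HEADER)]:
        print(name, dmarc_aligned(raw))
```

The second sample shows why an SPF pass alone is not evidence of an authentic From address, and the third shows why only results stamped by the receiving gateway should be evaluated.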
Examples
- A user receives an email that appears to be from their bank, asking them to verify their account information by clicking on a link that leads to a counterfeit website designed to look like the bank's official site.
- A text message claims to be from a popular delivery service, informing the recipient that their package is on hold and prompting them to click a link to resolve the issue, which leads to a malicious site.
- An employee receives a phone call from someone pretending to be from the IT department, requesting their login credentials to resolve a supposed security issue.