Phishing
Category: Data Protection
Definition
Fraudulent attempts to obtain sensitive data by impersonating legitimate entities.
Technical Details
Phishing is a cyber attack that typically involves the use of deceptive emails or websites to trick individuals into providing sensitive information such as usernames, passwords, credit card numbers, or other personal data. Attackers often create fake websites that closely resemble legitimate ones, employing social engineering tactics to lure victims into entering their credentials. Phishing attacks can utilize various methods, including spear phishing (targeted attacks), whaling (targeting high-profile individuals), and vishing (voice phishing via phone). Advanced phishing techniques may also involve the use of malware, which is delivered through links or attachments within the fraudulent communication.
Practical Usage
Phishing attacks are prevalent in various sectors, including finance, healthcare, and technology, where attackers impersonate trusted entities to gain unauthorized access to sensitive data. Organizations implement anti-phishing training programs for employees, utilize email filtering services, and deploy multi-factor authentication to mitigate the risk of falling victim to such attacks. Additionally, businesses often conduct simulated phishing exercises to raise awareness and prepare their employees for real-world phishing attempts.
Examples
- An attacker sends a fake email that appears to be from a bank, prompting the recipient to click on a link and enter their account login details on a counterfeit website.
- A company employee receives a message claiming to be from the IT department, asking them to verify their password through a provided link, which leads to a malicious site.
- A social media user receives a message from what seems to be a friend asking them to click on a link to view a photo, which actually leads to a phishing site designed to harvest personal information.