Phishing is a cyber-attack technique that utilizes deceptive emails as weapons. The objective is to ultimately deceive the recipients into believing the email is something they want or need such as an email from their boss or their bank. The recipient will then click a link or download a malicious attachment that will infect the user's machine. Phishing is one of the oldest and most common cyber attacks, beginning to appear in the 1990s and is still becoming more widespread and advanced as the year's progress.
How to recognize phishing
Scammers and hackers use email and sometimes text to trick recipients into giving them private information. They try to steal usernames, passwords, bank numbers, or other personal details. The scammers will then use this information to access your bank, email, or any other accounts. While phishing attacks are constantly evolving there are some signs to try and tell you're being scammed. Most often phishing emails will look like they come from a company or person you trust and will try to get you to open a link or attachment.
Things they may say include:
Phishing attack example
The email above is an example of phishing from Wikipedia. The email, likely sent in bulk to “TrustedBank” customers, attempts to get the recipient to click the link to verify their information.
Several things can occur upon clicking the link. For example:
How to prevent phishing
The best way to prevent phishing for individual users is to be wary of any email asking them to click a link or download an attachment. Spoofed messages very often contain mistakes such as spelling errors or slight changes in the domain name of the message.
Commercial enterprises can mitigate phishing in several ways:
If you've read this article, you're already taking positive steps to avoid phishing, but there are many other serious threats out there. Red Sea Information Security offers services in Penetration Testing, Auditing, Network Assessment, and Generalized Information Technology support which includes Security Awareness Training for threats like phishing attacks.