Phishing is a type of social engineering where an attacker sends a fraudulent (“spoofed”) message designed to trick a human victim into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim’s infrastructure. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site and to traverse any additional security boundaries with the victim.
Email phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information. These emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.
Different types:
- Spear
- Whaling
- Smishing
- Vishing
- Business Email Compromise (CEO Fraud)
- Clone
- Evil Twin
Is this a cyber crime?
It is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
What happens if you open a phishing email?
Clicking on a phishing link or opening an attachment in one of these messages may install malware, like viruses, spyware or ransomware, on your device. This is all done behind the scenes, so it is undetectable to the average user.
What to do when you get phished?
- Disconnect your device from the network. If you’re using a wired connection, unplug the cable from your computer immediately.
- Change your passwords.
- Run a virus scan.
- Inform the company.
- Beware of identity theft.
How do I stop phishing emails?
- Check that the email address and the sender name match.
- Hover over any links before you click on them.
- Check the message headers to make sure the “from” header isn’t showing an incorrect name.