Phishing attacks use both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes use spoofed emails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers.
By hijacking the brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware on PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or DNS cache poisoning.
Phishing is a type of cyberattack where attackers attempt to trick individuals into providing sensitive information—such as usernames, passwords, credit card numbers, or other personal data—by pretending to be a trustworthy entity. It’s one of the most common and dangerous forms of cybercrime.
Types of Phishing Attacks
- Email Phishing: The attacker sends an email that looks like it’s from a legitimate organization (e.g., your bank, a social media site). It often includes a link to a fake website designed to steal your information.
- Spear Phishing: A more targeted form of phishing where the attacker tailors the message specifically for one person or organization, often using personal information to appear more legitimate.
- Smishing: Phishing via SMS or text message.
- Vishing: Phishing via voice calls, where the attacker pretends to be from a trusted organization.
- Clone Phishing: A legitimate email is copied, and a malicious link or attachment is substituted, then sent from what appears to be the same sender.
- Whaling: A type of phishing targeting high-profile individuals like executives or politicians.
Common Signs of a Phishing Attempt
- Unexpected or unsolicited messages.
- Urgent or threatening language (“Your account will be suspended!”).
- Misspellings and grammatical errors.
- Suspicious links or attachments.
- Inconsistent sender addresses (e.g., “support@appl3.com” instead of “support@apple.com”, where the digit 3 stands in for the letter e).
How to Protect Yourself
- Never click on suspicious links or download unexpected attachments.
- Check the URL carefully—fake websites often have small spelling differences.
- Use two-factor authentication (2FA) wherever possible.
- Keep your software and security patches updated.
- Report phishing attempts to your IT department, email provider, or government cybersecurity services (like phishing.gov in the UK or reportphishing@apwg.org).
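As an added example (not part of the original article), the following Python script applies the sender-address and link checks from the “Common Signs of a Phishing Attempt” list and the “Check the URL carefully” advice above to a constructed email message. It normalizes common digit-for-letter substitutions (appl3.com → apple.com), compares the result against a list of trusted domains, flags a Reply-To domain that differs from the From domain, and looks for urgent wording. The trusted-domain list, the homoglyph map, the urgent-phrase list and the sample messages are all assumptions constructed for illustration, and the registrable-domain helper is deliberately crude; a real deployment would use a public-suffix list.

```python
"""Heuristic phishing-indicator checker.

Added example, not code from the original article. Every list below is a
constructed assumption for illustration; tune it for your own environment.
"""
import re
from urllib.parse import urlparse

# Constructed list of domains the organization treats as trusted brands.
TRUSTED_DOMAINS = ("apple.com", "paypal.com", "example-bank.com")

# Constructed map of substitutions phishers use to imitate letters.
# Applied in this order; "rn" -> "m" is checked after the single characters.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}

# Constructed list of pressure phrases; checked in this order.
URGENT_PHRASES = ("will be suspended", "within 24 hours", "immediately", "verify your account")

URL_RE = re.compile(r"""https?://[^\s<>"']+""")
ADDR_DOMAIN_RE = re.compile(r"@([\w.-]+)")


def normalize(domain: str) -> str:
    """Undo digit/letter look-alike substitutions so appl3.com compares as apple.com."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small enough for domain-length strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels). Real code should use a public-suffix list."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Return the trusted domain this one imitates, or None if it is trusted or unrelated.

    A domain is a look-alike if, after homoglyph normalization, it is within
    max_distance edits of a trusted domain, or it embeds the trusted brand label
    (paypal-secure.com). max_distance=1 keeps unrelated names like maple.com clean.
    """
    reg = registrable(domain)
    if reg in trusted:
        return None
    norm = normalize(reg)
    for t in trusted:
        if norm == t or levenshtein(norm, t) <= max_distance:
            return t
        if t.split(".")[0] in norm.split(".")[0]:
            return t
    return None


def domain_of_address(addr: str) -> str:
    """Extract the domain from 'Display Name <user@domain>' or 'user@domain'."""
    m = ADDR_DOMAIN_RE.search(addr)
    return m.group(1).lower() if m else ""


def phishing_indicators(msg: dict) -> list:
    """Return human-readable findings for a message dict with From, Reply-To and body."""
    findings = []
    from_dom = domain_of_address(msg.get("From", ""))
    reply_dom = domain_of_address(msg.get("Reply-To", ""))
    imitated = lookalike_of(from_dom)
    if imitated:
        findings.append(f"sender domain {from_dom} resembles trusted {imitated}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    body = msg.get("body", "")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        imitated = lookalike_of(host)
        if imitated:
            findings.append(f"link host {host} resembles trusted {imitated}")
    low = body.lower()
    for phrase in URGENT_PHRASES:
        if phrase in low:
            findings.append(f"urgent wording: '{phrase}'")
    return findings


# Constructed sample messages, not real mail.
SUSPICIOUS = {
    "From": "Apple Support <support@appl3.com>",
    "Reply-To": "verify@secure-login-portal.net",
    "body": "Your account will be suspended! Log in at https://appl3.com/login within 24 hours.",
}
LEGIT = {
    "From": "Apple <no-reply@email.apple.com>",
    "Reply-To": "",
    "body": "Your receipt is available at https://apple.com/receipts",
}

if __name__ == "__main__":
    for name, m in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(name, "->", phishing_indicators(m) or "no indicators")
```

The checks are deliberately heuristic: they catch the substitution and brand-embedding patterns the article describes, but a message with no indicators is not proof of legitimacy, so the output belongs in a triage workflow rather than an automatic allow decision.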