Phishing is a cybercrime that happens when a criminal impersonates a person, company or government agency to lure and deceive someone through an email, text message, phone call, social network, or fake website. The vast majority of phishing scams happen via email.
The goal of a phishing attack might be stealing sensitive and important information, getting people to send money, or even gaining access to and control over victims’ devices. To do that, the attacker, also called a phisher, will lie, spoof, manipulate and use malicious attachments and URLs.
And why is phishing so common? Phishing is one of the major threats these days and one of the attacks most used by fraudsters because it’s much simpler to lie to and persuade someone with an email than to hack into a computer.
Phishing and social engineering
Since we are talking about manipulating and lying, one of the main techniques used in phishing scams is social engineering. It covers manipulation methods for gaining access to sensitive information that will then be used for fraudulent purposes.
How phishing works
It's important to be clear that phishing attacks only succeed if the victim falls for the fraud. That's what we call the “human factor”. It's not a type of scam that depends on a software or hardware vulnerability. The person really needs to take the bait.
In the case of an email scam, victims generally receive a phishing email with an urgent request, a URL, or an attachment that appears to be from someone trusted, such as a bank, Apple, Microsoft, or Netflix.
If it's a malicious URL, the email message will ask the person to click on the link and update payment information, for example. What the victim doesn't know is that the link leads to a fake webpage that looks very similar to the real one.
If it's a malicious attachment, the main risk is clicking on the file and getting a malware infection, such as a Trojan, virus, or ransomware, which can compromise important information.
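The three elements described above (an urgent request, a link that does not belong to the brand the sender claims to be, and an attachment) can be checked mechanically on a received message. The Python sketch below is an added example, not part of the original article; the brand-to-domain map, the urgency keywords, the signal names and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed brand -> legitimate domain map and urgency keywords (illustrative only).
BRAND_DOMAINS = {"apple": "apple.com", "microsoft": "microsoft.com", "netflix": "netflix.com"}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours|verify now)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def belongs_to(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signals(raw):
    """Return a sorted list of signal names found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    text_parts, signals = [msg.get("Subject", "")], set()
    for part in msg.walk():
        if part.get_filename():                      # any named attachment
            signals.add("attachment")
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text_parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    text = "\n".join(text_parts)
    if URGENCY.search(text):
        signals.add("urgent_request")
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in display.lower():             # sender does not claim this brand
            continue
        if not belongs_to(sender_host, domain):
            signals.add("brand_sender_mismatch")
        if any(not belongs_to(urlparse(u).hostname, domain) for u in URL_RE.findall(text)):
            signals.add("brand_link_mismatch")
    return sorted(signals)

# Constructed sample message (not a real email).
SAMPLE_PHISH = """\
From: "Netflix Billing" <billing@netflix-account.example>
Subject: Urgent: update your payment information

Your account will be suspended. Update your payment details at
http://netflix.login.example/update
"""

if __name__ == "__main__":
    print(phishing_signals(SAMPLE_PHISH))
```

These signals are hints for triage, not a verdict: a message can trip none of them and still be fraudulent.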
How to prevent phishing
The best defense against phishing is a solution that protects your email network, such as Secure Email Gateway software, with anti-spam, anti-virus, sandbox and other engines. In addition, you have to train your employees. Security awareness is essential for any business.