What is phishing?
Phishing is an online fraud technique used by criminals to steal bank passwords and other sensitive personal information, such as social security numbers and credit card information. Delivered predominantly by email or short messages, phishing is one of the most pervasive attack methods currently available. Despite the increasing awareness in society, a significantly large segment of the population is still falling for such attacks. Phishing email is also the preferred method for spreading insidious malware such as Banking Trojans and ransomware. As a matter of fact, more than 93% of the security incidents in the recent past had phishing as a primary breach attack vector.
Spear phishing is a particular form, equally or even more dangerous, of phishing directed at a specific individual or organization, where the email is apparently from a sender that is known or trusted by the recipient. The fraudster uses various schemes to artfully impersonate email senders known by the victim.
A phishing attack begins with an e-mail message, apparently coming from some legitimate organizations, such as financial institutions or government agencies. Typically, the message would urge you to visit a fraudulent website with the same appearance as the legitimate organization’s site and enter some personal information such as your password and a user identifier. This information is then used to appropriate your identity and launch subsequently a more elaborate attack.
Due to the pivotal role played by phishing in cybersecurity breaches, it is crucial and highly recommended to deploy efficient and effective anti-phishing solution to detect and disrupt phishing attacks.