Introduction to Phishing

Phishing is everywhere, and if you aren't watching for it, you can find yourself on the hook. Luckily, knowing the tricks phishers use greatly reduces the risk of falling for an attempt. Unfortunately, as people grow more aware of current phishing tactics, phishers adapt with new and more convincing techniques in a perpetual game of cat and mouse.

What is Phishing?

Phishing is a form of social engineering. Its primary goal is to get you to hand over personal, financial, or other sensitive information that can then be used for other crimes. Phishers often pose as well-known companies, services, and banks such as Amazon, Microsoft, Netflix, or Bank of America, urging you to take immediate action or face penalties or the closure of your account. The target may also be a company rather than an individual; in that case the goal is information, typically an employee's logon credentials, that gives the attacker a foothold in internal systems. Either way, the information itself is rarely the end goal. It is a tool for acquiring the actual prize, be it money or sensitive company data.

Why does it happen?

Information and data are very valuable in the digital age. Besides directly acquiring banking details from unsuspecting victims, a phisher can obtain logon credentials for employees within an organization. Those credentials can be the key to a data breach; a recent example is Reddit, where the intruder stole confidential internal data after obtaining logon information from a Reddit employee. For more information about Reddit's recent hack, please see their post on the matter here.

How does it work?

A bad actor will often create an email template impersonating a commonly used service or large bank, framed as an alert that the recipient's account is at risk of termination unless action is taken within a certain time, with a link to a fraudulent website. That website looks nearly identical to the genuine one, but any login or financial information entered there goes directly to the impersonator, who can then use it as they please. Note that the text shown for a link and its actual destination need not match: the visible text can read like the bank's address while the link points somewhere else entirely. Another common form, aimed especially at online content creators, has the phisher approach the creator with a business offer whose details are in an attached file. The file is actually malware; once downloaded and opened, it can send all sorts of information from the now-infected computer to the phisher or, in the case of ransomware, encrypt the computer's data and hold it for ransom. Phishing also takes place over SMS text messages (smishing) and the phone (vishing). For more information on how to spot potential phishing, please see the quick identification guide.
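As an added example (not from the original article), here is a small Python check for two of the tells in the lure just described: a link whose visible text names one site while its href points to another, and deadline or threat phrasing meant to rush the reader. The sample messages, the domains under .example and example.net, the claimed sender domain and the phrase list are all constructed for illustration, and the registrable-domain helper is deliberately crude.

```python
"""Added example (not part of the original article): flag two of the lure
patterns described above in an HTML email body. The message text, sender
domain and link targets below are constructed for illustration only.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Pressure phrases typical of "act now or lose your account" lures (assumed list).
URGENCY_PHRASES = (
    "within 24 hours",
    "account will be suspended",
    "verify your account",
    "immediate action",
)


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Fine for the demo; a real tool
    would use the Public Suffix List so co.uk-style suffixes work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_indicators(html_body, claimed_sender_domain):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if not host:  # mailto:, fragment or relative links carry no host to compare
            continue
        target = registrable_domain(host)
        # Indicator 1: the visible text names one site, the href goes to another.
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown and registrable_domain(shown.group(1)) != target:
            findings.append(f"link text '{text}' but href host {host}")
        # Indicator 2: the link leaves the domain the mail claims to come from.
        elif target != registrable_domain(claimed_sender_domain):
            findings.append(f"link to {host} from mail claiming to be {claimed_sender_domain}")
    plain = re.sub(r"<[^>]+>", " ", html_body).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in plain:
            findings.append(f"urgency phrase: '{phrase}'")
    return findings


# Constructed sample lure: the visible link reads like the bank, the href does not.
SAMPLE_PHISH = """<html><body>
<p>Dear customer, we detected unusual sign-in activity. Your account will be suspended
unless you verify your account within 24 hours.</p>
<p><a href="http://examplebank-secure-login.example.net/verify">https://www.examplebank.example</a></p>
</body></html>"""

# Constructed sample of a benign notice from the same claimed sender.
SAMPLE_LEGIT = """<html><body>
<p>Your monthly statement is ready.</p>
<p><a href="https://www.examplebank.example/statements">Sign in to view it</a></p>
</body></html>"""

if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, find_indicators(body, "examplebank.example"))
```

Run as a script, it prints one finding list per sample: the lure yields the mismatched link plus three urgency phrases, the benign notice yields nothing. These are indicators rather than proof; a real mail client hides the href behind the link text, which is exactly why hovering over a link (or checking it the way this script does) before clicking is worth the habit.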

Who has to worry about it?

In short: everyone. Many phishing campaigns are run scattershot, with the phisher sending the same lure to hundreds of people at random. Others are carefully crafted for specific targets, often business executives (so-called spear phishing). Generally, the more valuable someone is because of wealth, position, or other factors, the more elaborate and convincing the schemes aimed at them, compared with those aimed at the average John Smith; but even John Smith has a bank account. Scattershot attempts are what most people will encounter, and they are still worth watching for.