This definition explains the meaning of phishing. Even if you’re not familiar with the term, you’ve probably heard about phishing attacks before. Like all social engineering methods, phishers prey on a target’s trust. They masquerade as friends, bank tellers, celebrities, or government officials, persuading victims to willingly surrender private information.
Phishing is usually performed using a ‘bait’, such as a chance to win a free iPhone, which is quite a simple and effective phishing ad. Clicking the ad will redirect the victim to a survey page where they will have to divulge sensitive information to proceed. But the only winner in these surveys is the social engineers who now have access to valuable personal information.
Phishing attacks are becoming increasingly sophisticated, and phishing emails are powerful distributors of trojans and keyloggers. For example, in the past, Australian Netflix users were duped by a spear-phishing email titled “Netflix Membership on Hold.” The email scam informed victims that their membership is inactive and urged them to verify their account information by clicking on the fake link.
The fake website was especially convincing as both the email and website had the Netflix logo, no typos and online forms. It could also identify financial institutions based on the credit card numbers and detect incorrect data entry, just like you would expect from any legitimate online service. Once the unsuspecting victim filled in the account verification form, the social engineer recorded login credentials, personal info, and financial details and then sold it on the dark web.
Sadly, anti-phishing software can only get you so far. All it takes for a phishing attempt to catch you off guard is by hitting the right emotional triggers at the right time. Before entering financial information on a website, look for the ‘s’ in HTTPS and a lock symbol on the URL bar. Have a healthy scepticism of all password reset emails, “too good to be true” ads, online surveys, URL links, and email attachments.