Phishing is a type of social engineering attack which attempts to lure you into divulging your personal or sensitive information using misleading and deceptive methods. Phishing can be carried out in many different ways, the most popular ones to date being via spoofed emails and websites, phone calls or even text messages.
For example, a phisher might plot a scenario where they require you to complete a certain survey and you will be rewarded with a prize upon completion. While it sounds harmless on the surface, depending on the information that you have provided, the data they have gathered can be used for a variety of unscrupulous purposes, such as to gain access to your accounts or to carry out future scams or cybercriminal activities.
Another popular method is by sending would-be victims a “suspicious activity” notification. This is where the phisher informs you that your email or bank account may have been compromised, advising you to login to the affected account and change your password. However, if you click on the given link, you are redirected to a spoofed site which will then record your log in details, which will fall into the hands of the perpetrator.
Phishing messages are meant to look legitimate and genuine and cybercriminals are continually improving their methods to make their attempts seem more and more convincing. The scammers will go to the extent of copying precisely the exact website layout or email format of a legitimate organisation. That is why you should be careful with clicking links that you receive from emails and text messages, as the threat actors can replicate the links to look as close to the real thing as possible.
There are different varieties of phishing scams out there. Spear phishing is one of them and is designed to target a specific user or organisation. This type of attack usually carries higher risks since the scammers tend to carry out a more thorough background research about the intended victim/organisation through whatever way possible, such as scouring the company’s website or social media platform or stalking its employees.
With the rising value and importance of data for both individual and organisations alike, a successful phishing attack could result in dire consequences, such as data and intellectual property breaches as well as significant monetary and reputational losses.