Every internet user has encountered phishing at least once. Some have not fallen for the hackers' bait, while others have lost money or handed over important data to malicious actors. So what is it? Phishing is a type of cyber attack where a malicious link is sent, for example, via email. The essence of phishing is to cloud a person's judgment with a loud or alarming email, prompting them to click on a 'compromised' link. However, it doesn't necessarily have to be an email. Phishing can also happen when a user downloads unverified software or performs similar actions online.
Phishing is based on a combination of deception and social engineering. The key is for the user to believe that it's 'the' link from the bank they were expecting or an important email from a company.
Both regular internet users and valuable employees of major corporations (who are targeted intentionally) can fall for such links. For the latter, hackers use highly convincing emails. The most prominent phishing attack occurred in 2016 during the U.S. presidential elections. Hackers deceived Hillary Clinton's aide into revealing his email password.
- "Download this important file." The user doesn't realize it's spam, downloads software, and infects their computer. This often includes Zip files or Microsoft Office documents (such emails are frequently sent to company employees, disguised as job applicants' resumes).
- "Fill in your (usually confidential) information." Messages compel users to provide their login and password (the most common case). Often, this is disguised as a bank link. The login page looks very convincing. The user enters their information - and voila, the phishing succeeds.
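A mail filter can screen for both lures described above. The following is an added example, not code from the original article: it flags Zip and Office attachments and links whose visible text names one host while the `href` points to another. The function names, extension list, sample domains and sample message are all constructed assumptions.

```python
import re
from email.message import EmailMessage
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed list of the attachment types the article mentions (Zip, MS Office).
RISKY_EXT = {".zip", ".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r'\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b', re.I)

def norm(host):
    """Lower-case a host name and drop a leading 'www.'."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def same_site(real, shown):
    """True if the real host is the shown host or one of its subdomains."""
    return real == shown or real.endswith("." + shown)

def screen(msg):
    """Return (kind, detail) findings for one parsed e-mail message."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name and PurePosixPath(name.lower()).suffix in RISKY_EXT:
            findings.append(("attachment", name))
        if part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_content()):
                real = norm(urlparse(href).hostname or "")
                shown = HOST_RE.search(text)
                if real and shown and not same_site(real, norm(shown.group(1))):
                    findings.append(("link", f"{norm(shown.group(1))} -> {real}"))
    return findings

def build_sample(href, filename):
    """Constructed test message: a 'bank' link plus one attachment."""
    m = EmailMessage()
    m["From"] = "applicant@mail.example"
    m["Subject"] = "My resume"
    m.set_content("Please see the attached file.")
    m.add_alternative(
        f'<p>Confirm your account at <a href="{href}">www.bank.example</a></p>',
        subtype="html")
    m.add_attachment(b"PK\x03\x04", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

if __name__ == "__main__":
    for finding in screen(build_sample("http://bank.example.login.test/auth", "resume.zip")):
        print(finding)
```

A finding here is a reason to quarantine or warn, not proof of phishing: legitimate mail also carries Office files and links routed through tracking domains.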
In the online world, just like on the road, you need to be attentive and not lose vigilance. In that case, you will avoid phishing scams.