What is Phishing?

Phishing is a method that hackers employ to collect personal data using deceptive websites and emails. The goal is to trick the victim into believing that a message, a website, or an attachment is something they want or need.

Hackers use deception to trick employees into clicking phishing emails. For instance, they create emails masquerading as requests from banks, additional information from vendors, or an urgent note from a colleague or manager.

Key Takeaways

History of Phishing

Phishing is one of the oldest cyberattack types, dating back to the 1990s. It is still one of the most prevalent and successful attack methods in use today. Hackers are devising more clever messages and advanced techniques to launch sophisticated phishing attacks.

Phishing comes from the word “phish,” which is pronounced like it is spelled. The name comes from the “fishing” analogy of using a baited hook to trick a target. In this case, cybercriminals send phishing emails hoping you will fall for their trick.

Real-World Phishing Examples

The 2019 Verizon Data Breach Investigations Report indicates that more than a third of all recent breaches involved phishing.

Some real-world examples of phishing tricks include:

In 2016, hackers used phishing to trick Hillary Clinton’s campaign chair, John Podesta, into sharing his Gmail password.

Several successful phishing attempts led to an attack in which criminals released intimate photos of several celebrities to the public.

Bundled Kits Make Phishing Effective Today

The availability of phishing kits is making it easy for attackers to launch their phishing campaigns. Cybercriminals have access to a bundled kit with phishing resources and tools to launch attacks from a remote server.

Phishing kits and targets’ mailing lists are available on the dark web. Some sites, like PhishTank and OpenPhish, run crowd-sourced lists of phishing kits.

An attacker installs the kit on a server and sends emails to potential victims.

Phishing Increases During a Crisis – COVID-19 Case

As mentioned, cybercriminals leverage deception and create a sense of urgency to succeed in a phishing campaign. Crises like the coronavirus pandemic offer an opportunity for hackers to trick victims into falling for phishing baits.

A pandemic pushes people to the edge. They are desperately looking for information from companies, governments, research organizations, and other relevant authorities. People will undoubtedly open emails from these bodies during a pandemic, without much scrutiny.

The frequency of phishing threats has risen considerably since the onset of COVID-19. Companies are experiencing an average of 1,185 attacks each month.

COVID-19-themed phishing emails include:

Preventing Phishing Attacks

You can take these steps to mitigate phishing attacks:

Organizations can implement these measures to prevent phishing threats:

George Mutune

I am a cyber security professional with a passion for delivering proactive strategies for day-to-day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through inefficiencies that plague today's business environments.