Phishing also known as identity theft is a form of attack over the internet where an attacker tricks an unsuspecting individual through an email or other communication channels. The fraudster uses phishing emails to send out malicious links or attachments that can do a number of tasks for him, including the extraction of login credentials or account information from the victims.
Phishing is mostly used by cybercriminals, because it is so much easier to convince somebody to click a malicious link in an apparently legitimate phishing email than to break into his computer’s defenses.
How does phishing work?
Phishing attacks normally depend on social networking methods applied to email or any other e-communication methods. It could also use direct messages through social networks, SMS text messages and other instant messaging modes.
Phishers could make use of social engineering and information from other public sources like LinkedIn, Facebook and Twitter, to collect crucial information about the victim’s personal, work history, his interests, and his activities.
Pre-phishing attack reconnaissance can reveal targeted victim’s name, work details and email address, as well as details of their co-workers, key employees in their organizations and so on. These details are then used to send him authentic looking email. Targeted phishing attacks, including the ones from advanced persistent threat (APT) groups, generally start with a phishing email with a malicious link or attachment.