“Just open it, you don’t need a password.”
What is phishing?
Phishing attacks are counterfeit communications that appear to come from a trustworthy source but can compromise all types of data sources. Attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems–such as point of sale terminals and order processing systems–and, in some cases, hijack entire computer networks until a ransom fee is delivered.
Sometimes hackers are satisfied with getting your data and credit card information for financial gain. In other cases, phishing emails are sent to gather employee login information or other details for use in more malicious attacks against a few individuals or a specific company. Phishing is a type of cyber attack that everyone should learn about to protect themselves and ensure email security throughout an organization.
How does phishing work?
Phishing starts with a fraudulent email or other communication designed to lure a victim. The message is made to look as though it comes from a trusted sender. If it fools the victim, he or she is coaxed into providing confidential information–often on a scam website. Sometimes malware is also downloaded onto the target’s computer.
Cybercriminals start by identifying a group of individuals they want to target. Then they create email and text messages that appear legitimate but contain dangerous links, attachments, or lures that trick their targets into taking an unknown, risky action. In brief:
- Phishers frequently use emotions like fear, curiosity, urgency, and greed to compel recipients to open attachments or click on links.
- Phishing attacks are designed to appear to come from legitimate companies and individuals.
- Cybercriminals are continuously innovating and becoming more and more sophisticated.
- It only takes one successful phishing attack to compromise your network and steal your data, which is why it is always important to Think Before You Click.