Phishing is a cyber-attack in which attackers trick users into doing something that harms them. It is also a method of gathering personal information through deceptive e-mails, social media posts and websites. The attack uses disguised email as a weapon. The goal is to make the user believe that the message is something helpful, or something they want or need (for instance, a request from their bank, a person or a government entity, or a note from someone in their company), and to get them to click a link, download an attachment, or share banking information or personal details. The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with or might trust. It’s one of the oldest types of cyber-attack, dating back to the 1990s, and it’s still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.
“Phish” is pronounced just like it’s spelled, which is to say like the word “fish”: the analogy is of an angler throwing a baited hook out through cyberspace and hoping the target takes a bite. The term arose in the mid-1990s among hackers aiming to trick AOL users into giving up their login information. The “ph” is part of a tradition of whimsical hacker spelling, and was probably influenced by the term “phreaking,” short for “phone phreaking,” an early form of hacking that involved playing sound tones into telephone handsets to get free phone calls. The first phishing lawsuit was filed in 2004 against a Californian teenager who created an imitation of the “America Online” website. With this fake website, he was able to obtain sensitive information from users and access their credit card details to withdraw money from their accounts.
Common characteristics of phishing attacks are:
Too Good To Be True – Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many phishing attacks claim that the user has won a lottery, a new phone, or some other prize through a lucky draw. Users need to keep in mind that if an offer seems too good to be true, it probably is!
Sense of Urgency – A favorite tactic among cyber-criminals is to ask users to act fast because the super deals are only available for a limited time. Attackers will often even tell users that they have only a few minutes to respond. Sometimes they will tell users that their account will be suspended unless they update their personal details immediately. Most reliable organizations and services give ample time before they terminate an account, and they never ask users to update personal details over the Internet.
Hyperlinks – A link may not be all that it appears to be. Hovering over a link shows the user the actual URL they will be directed to upon clicking it. It could be completely different, or it could be a popular website with a misspelling, for instance www.Amazon.com, where the ‘O’ is actually a ‘U’.
Attachments – The goal of a phishing email or website is to compel the victim to download an attachment or execute a program. If an email contains an attachment the user wasn’t expecting or that doesn’t make sense, don’t open it! Attachments often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
Unusual Sender – Phishing attacks are designed to look and feel as if they come from a legitimate source. The email, social media post or text message may appear to come from someone the user doesn’t know or from someone the user might know. The message is designed to look like nothing out of the ordinary, unexpected, out of character or just suspicious in general. The attacker might even pretend to know the victim in order to gain trust.
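The hover check described under Hyperlinks can be automated for HTML mail. The following is an added example, not part of the original article: it compares each link's visible text with its real target and flags targets that closely resemble a known domain. KNOWN_DOMAINS, the 0.8 similarity threshold, the function names and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit
KNOWN_DOMAINS = ("amazon.com", "microsoft.com")  # assumption: constructed allow-list

def host_of(text):
    """Host of a URL or bare domain without 'www.'; None if text is not URL-like."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname or ""
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return None
    return (host[4:] if host.startswith("www.") else host) or None

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_links(html):
    """Return (href, reason) pairs for links whose real target deserves suspicion."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if target is None:
            continue
        # The text names one site while the link leads to an unrelated one.
        if shown and target != shown and not target.endswith("." + shown):
            findings.append((href, "text shows %s, link goes to %s" % (shown, target)))
        base = ".".join(target.split(".")[-2:])  # simplification: two-label domains
        findings += [(href, "%s looks like %s" % (base, real)) for real in KNOWN_DOMAINS
                     if base != real and SequenceMatcher(None, base, real).ratio() >= 0.8]
    return findings

SAMPLE = ('<a href="http://www.amazun.com/signin">www.amazon.com</a> '  # constructed input
          '<a href="https://www.amazon.com/orders">Your orders</a> '
          '<a href="http://login.example.net/verify">www.microsoft.com</a>')
```

Calling check_links(SAMPLE) reports the misspelled domain twice (text mismatch and lookalike), the unrelated target once, and nothing for the genuine link. A production check would derive the registrable domain from the Public Suffix List instead of taking the last two labels.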
Phishing is one of the oldest and still among the most successful methods of cyber-attack. It has become a major threat to those who use the internet, with millions of users affected every day. Let’s look at some statistics on this attack.
- Nearly one-third of all data breaches in 2019 involved phishing.
- One in every 25 branded emails is a phishing email. The two most popular brands phishers pose as are Microsoft (42%) and Amazon (38%).
- Globally, 76% of organizations were targeted by phishing in 2019.
- 91% of cyber-attacks in 2012 began with a spear phishing email.
- URL phishing detections increased 269% in 2018.