What is a Phishing Attack?

Phishing is a social engineering attack that attempts to trick unsuspecting users into divulging sensitive/personal data for the purpose of perpetrator financial gain. Sometimes referred to as “phishing scams,” attackers target login credentials, financial information (such as credit card information or bank accounts), company data, and anything that could be of monetary value. Phishing attacks typically engage victims with a message intended to solicit a specific response to an email, an instant message, or text message. The recipients unknowingly tricked into clicking a link containing malicious code and end up installing malware on their devices, freezing their systems as part of a larger-scale ransomware attack, or unwillingly revealing private/sensitive information.

Many phishing emails will take you to a fake website. This webpage will look like a legitimate company and ask for personal information. According to a Verizon Data Breach Investigations Report, the top-5 fake pages are:

  • PayPal: 22%

  • Microsoft: 19%

  • Facebook: 15%

  • eBay: 6%

  • Amazon: 3%

What is email phishing?

One of the most known forms of phishing is a phishing email. These fraudulent emails are often sent to look like they come from reputable, legitimate companies.

These attacks are often sent in bulk and are not targeted to specific email accounts. Scammers can use the credentials to steal money, personal data, or even credit card numbers to sell on the Dark Web. These leaked credentials are also a way for cybercriminals to start a spear-phishing attack.

Return to Glossary