>

Glossary Home

Phishing

What is phishing?

Phishing is a type of cyber attack done with the intention to steal sensitive information like bank account details, passwords, and other personal information. The attackers lure their targets by masking their identity and pretending to be from a trusted source.

What is phishing email?

An email used as a tool to carry out fraudulent activities like stealing and misusing personal information is called a phishing email.

Cybercriminals also use telephone and messaging services (SMS, social media messages, etc.) as a tool to trap their targets.

Here is an example of a phishing email:

' Subject: Attention Required! Your account has been deactivated

This is to inform you that your account with (name of the company you trust) has been deactivated as your account has not been verified.

Please download the pdf file and follow the steps to activate your account.

Thank you '

In the above example, the sender's identity is spoofed to establish trust. The subject of the email has a sense of urgency, which increases the chances of a response. If the target downloads the file, it will result in a security compromise that will pose an immediate threat to user's confidential information like passwords, bank account details, business email compromise (BEC), and more.

What are the different types of phishing?

  • Spear phishing: This is a targeted approach to phishing unlike bulk or group phishing. The attacker gathers information about its target through sources like social media and sends a personalized email that might include information like their full name, company's name, job title, or details of their job role. Collecting information about the target makes it easier to deceive them.
  • Whaling: Whaling refers to targeting 'big fish'—the senior officials in a company. It's difficult for the attackers to lure in senior executives, so the content drafted for whaling attacks is made to look like it's from government offices, courts, or customers.
  • Smishing and Vishing: In this case, the phishing attacks are carried out using telephone. Smishing uses a text message whereas vishing uses a voice call as a tool for deception.
  • Clone phishing: This attack has two levels of compromise. In the first step, the attacker hacks the contents of either the sender's or receiver's emails. In the second step, the attacker replaces the files in the legitimate email with malware and imitates the sender's identity.
  • Angler phishing: Social media has become a popular channel for interacting with companies and financial or government institutions. Phishing attacks on social media can be highly targeted as information about user interest is freely available. The attackers share fake tweets, posts, or malicious URLs with their targets on social media, masquerading their true identity. This is called angler phishing.

    These attacks can be avoided if social media users are cautious enough to identify and interact with verified company accounts only.

How to prevent phishing?

  • Identify and avoid phishing communication: Phishing communication is done with a spoofed identity. Checking the sender's name, email address, and domain name before responding to any email can mitigate the risk of falling into the phishing trap.

    The contents of phishing communication generally have an urgent tone, ask for personal/confidential information, offer financial rewards, or have a set of instructions to download a file that is malware.

  • Create awareness among employees: In any organization, their security and privacy standards are only as strong as their weakest link. Since employees are susceptible to phishing attacks, they must be given all the information they will need in case there is an attempt to breach security and privacy.
  • Implement SPF, DKIM and DMARC: Configuring these protocols in DNS broadly serves two purposes—email authentication and encryption. Email authentication assures that the sender's identity is verified and an encrypted message indicates that the email's content has not been tampered with.

Learn more about SPF, DKIM, and DMARC.