What is Phishing? Attack Techniques and Prevention Methods

Phishing definition: What is phishing?

Phishing is a type of social engineering attack in which cyber criminals trick victims into giving away personal information, such as credit card numbers or passwords. Attackers typically use email or text messages to contact their victims and may even create fake websites that look like the real thing to steal sensitive information.

How does phishing work?

Phishing typically starts with an email or other online communication that looks like it comes from a trusted source, like a company you do business with or a government agency. The message may say there is a problem with your account or that you need to take some urgent action, like clicking a link.

If you click the link, you may be taken to a fake website that looks real. The fake website may ask you to enter personal information, like your username, password, or bank account numbers. If you enter this information, criminals can use it to steal your money or commit identity theft.
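To make the mechanism above concrete, here is an added example (not code from the original page) that checks a constructed email for the warning signs just described: a link whose visible text names one site while its target is another, a link domain that does not match the sender's domain, and urgency wording. The sender address, sample message, phrase list and the crude domain helper are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of urgency phrases; a real filter would use a larger, tuned set.
URGENCY = ("urgent", "immediately", "suspended", "verify your account", "within 24 hours")


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs from every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:          # only keep text inside an anchor
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host):
    # Assumption: last two labels are the registrable domain. Fine for the
    # samples here; production code should consult a public-suffix list.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def phishing_indicators(sender, body_html):
    """Return a list of human-readable indicators found in one message."""
    found = []
    sender_dom = registered_domain(sender.split("@")[-1])
    parser = LinkExtractor()
    parser.feed(body_html)
    for text, href in parser.links:
        href_dom = registered_domain(urlparse(href).hostname or "")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())  # host named in link text
        if shown and registered_domain(shown.group(0)) != href_dom:
            found.append(f"link text shows {shown.group(0)} but points to {href_dom}")
        if href_dom and href_dom != sender_dom:
            found.append(f"link domain {href_dom} differs from sender domain {sender_dom}")
    plain = re.sub(r"<[^>]+>", " ", body_html).lower()   # strip tags before phrase search
    found.extend(f"urgency phrase: '{p}'" for p in URGENCY if p in plain)
    return found


SAMPLE_SENDER = "security@examplebank-support.com"      # constructed lookalike sender
SAMPLE_BODY = """<p>Your account will be suspended. Take urgent action now:
<a href="http://examplebank.login-verify.net/">https://www.examplebank.com/secure</a></p>"""

if __name__ == "__main__":
    for indicator in phishing_indicators(SAMPLE_SENDER, SAMPLE_BODY):
        print("-", indicator)
```

Run against the constructed sample it reports four indicators; a message from the genuine domain with a plainly labelled link to that same domain reports none.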

Types of phishing attack

Spear phishing

Spear phishing involves malicious emails sent to a specific person. Criminals who do this will already hold some or all of the following: the victim’s name, place of employment, job title and email address, and sometimes specific details about their job, all of which make the scam more believable.

Whaling

Whaling attacks are even more targeted, taking aim at senior executives. Although the goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler.

Vishing

Vishing refers to phishing attacks carried out over the phone. These are usually made by an automated voice or a recorded message. If the person answers the call, they will be asked for personal or financial information.

Smishing

Smishing is a common type of phishing attack that is carried out through SMS (short text messages). These messages usually direct the person to a fraudulent website, where they are asked to enter their personal information.

Angler phishing

Angler phishing is an attack via social media in which scammers post a fake link on a community forum or in a blog, often in response to a genuine question or problem. The criminal’s goal is to get people to click the link, which takes them to a malicious website.

How to prevent phishing attacks

  • Build a positive security culture

    Develop a positive security culture in your organization by encouraging employees to be vigilant and report any suspicious emails or activity.

  • Implement two-factor authentication

    Two-factor authentication requires an additional step to verify the user’s identity before they can access accounts, applications, and networks. This can make it more difficult for attackers to gain access.

  • Train your employees

    Provide training to your employees on how to identify and report phishing emails. Be sure to include examples of phishing emails so that staff can recognize them.

  • Test the effectiveness of the training

    Simulated phishing attacks will help you determine the effectiveness of your staff awareness training and which employees might need further education.

Train your employees to spot and avoid phishing attacks

Teach employees how phishing attacks work, the tactics employed by cyber criminals, and what to do when they’re targeted with our Phishing Staff Awareness E-Learning Course.

By the end of this course, your employees will be able to:

  • Identify phishing emails
  • Recognize the tactics used by cyber criminals in phishing attacks
  • Know what to do if they think they’ve been targeted by a phishing attack
  • Understand the consequences of falling for a phishing attack
