You might have heard of phishing and how terrible it can be to fall victim to it. But what actually is phishing? How does it work?
Phishing stands as one of the most widely used cybercrime tactics right now. Phishing can be worryingly easy to carry out and can result in device infection and the theft of highly sensitive data. What’s more, almost everyone is at risk of falling victim to a phishing attack. But what is it, actually? How does phishing work? And can you steer clear of it?
“Phishing is a type of online scam in which attackers try to trick individuals into sharing sensitive information such as login credentials, credit card numbers, and other personal information. The attackers typically send fraudulent emails or messages that appear to be from a legitimate source, such as a bank or social media platform, and ask the recipient to click on a link or provide information.
Phishing attacks can also occur through fake websites or phone calls. The goal of phishing is to obtain sensitive information that can be used for fraudulent purposes, such as identity theft or financial fraud. It is important to be cautious when receiving emails or messages that ask for personal information and to verify the legitimacy of the sender before sharing any sensitive data.”
To better understand how phishing works, let’s look at a typical example of phishing, known as credential phishing. This malicious venture seeks to steal login credentials from users to hack accounts. This could be done to spread phishing messages further, steal data, or simply mess around with someone’s profile. Some people have their social media accounts hacked for no other reason than to post inappropriate or hateful language.
Let’s say that Bob receives an email from Walmart stating that there has been suspicious activity noted on his online shopping account. The email would also request that he log into his account via a provided link so that he can check on the issue or verify his identity.
It’s likely that Bob would feel nervous or scared seeing this and would naturally worry that someone had compromised his account. This concern may push Bob to comply with the email’s request so that he can seemingly sort the issue out as soon as possible. It’s this fear that the phisher heavily leans into. They may even state that the account is under threat or could be shut down if Bob doesn’t take action.
What Bob doesn’t know is that this is not the legitimate Walmart login page. Rather, it is a malicious website designed to steal his data.
When he enters his login credentials on this page, the attacker controlling it can intercept and steal them. From here, the attacker may directly hack Bob’s Walmart account to make unauthorized purchases or may even use other private information on Bob’s account, such as an email address or home address, to exploit him further.
The attacker will sometimes change the password of the compromised account after logging in so that they can lock the victim out while they conduct the scam. This will also provide the attacker with ample time to ransack your contacts and forward the malicious link to additional connections such as contacts, friends list, followers, etc.