Phishing is not to be confused with fishing, but it is based around the same concept. Except that in a successful phishing attempt the tables are turned: you are the fish that has been baited and then caught, and you (and probably your company) are compromised and go down hook, line, and sinker.
“Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.” – TechTarget
Examples of phishing attacks
The most common one is that you receive an email (it could also be a phone call, text message, or a message via social media) that looks EXACTLY like it’s from a service provider you use – phone, bank, utility provider, etc. They ask you to confirm personal details, tell you your account has been compromised, or ask you to log in via their link to update information. It all looks totally legit, but once you follow their instructions, you have just handed over your login details and, along with them, access to all of your information.
Why do people fall for phishing attempts?
Because phishing attempts are personal, clever, and they are getting more sophisticated every day. Don’t believe me? Sitting there thinking ‘I would never fall for some dodgy email!’? Well, just watch this video of Jessica Clark conducting a phishing call (actually called ‘vishing’ – voice solicitation) to acquire journalist Kevin Roose’s mobile phone account details. She’s good, she’s really good. And then read the article that goes with that video to find out how a simple email sent by a hacker to tech-savvy Roose, which looked like it came from Squarespace, caused him to download a supposed ‘security update’ that instead gave the hacker access to every keystroke he typed, his screen and his webcam. He was owned, but luckily in this case, he had asked for it.
The U.S. was far and away the biggest target of phishing attacks in 2015: 77% of companies targeted by phishing attacks in 2015 were based in the U.S. But the biggest growth in attacks was in China: From 1.1% of companies targeted by phishing attacks being based in China in 2013 to 5.4% in 2015. – CSO Online Report: 2016 phishing trends reveal new tricks, targets
What do hackers do with the information they have acquired?
Well, if you’re lucky they will just attempt to clean out your bank account. But in most cases they are selling the data on to the highest bidder. According to CSO Online: ‘phishing kit authors make money in one of two ways: by selling the kits “for anywhere between $1 and $50” or by distributing the kits for free but containing backdoors that allow the kits’ authors to siphon off and sell personal and financial data collected on unwitting users.’
What to do if you think you’ve been phished
Immediately contact your actual service provider and let them know what happened. Then also report the scam to the government / consumer organization in your country that handles that sort of thing:
- Australia: Scamwatch
- USA: Federal Trade Commission
- Canada: Canadian Anti-Fraud Centre
- New Zealand: Consumer Protection
- UK: ActionFraud