What Is Phishing?
Phishing is a cybercrime tactic that lures users into clicking bait disguised as something trustworthy, usually within emails. Clicking often causes the computer to download malware from unprotected or fake websites. The goal of phishing is to glean private information from the user that can either be sold, used in targeted spear phishing attempts, or used to infect the computer or network with malware such as ransomware.
Phishing takes many forms and, usually together with malware, results in theft, compromised passwords, and other stolen information, such as the bank account and credit card details of an unsuspecting person.
How Does Phishing Work?
Phishing is generally mass-marketed. A phishing email from a fraudulent email address that is made to mimic a Microsoft service email might be sent to tens of thousands of individuals. At first glance, the spoofed email appears legitimate, and a fair number of people click the link and input their account information, which could be used by or sold to bad actors. Upon closer inspection, the email address often has typos or other spam indicators: instead of the actual email address of the supposed institution, it will have one-off typos, such as the numeral 0 used in place of the letter o.
For cyber criminals, the appeal of phishing lies in its ratio of effort to reward. Sending a mass-marketed email is easy. Purchasing malware delivery is cheap. And even if many of the email recipients won’t fall for the phishing lure, the handful who do can be extremely lucrative.
What Is a Phishing Email and How Can One Be Recognized?
Phishing also broadly encompasses several different forms of more specialized deception, and each has its own way of betraying its disguise. The examples below are all real-life phishing attempts received by Anderson Technologies’ employees.