Phishing is a widespread cybercrime in which an attacker tricks a victim into revealing sensitive information such as banking and credit card details, and passwords. To achieve this, the attacker generally contacts a victim posing as a legitimate institution. A typical example is a scam email that looks like it was sent from a bank, asking for a reply which includes sensitive login data. Phishing messages can also contain malicious software such as ransomware. The attack can result in identity theft and financial loss for the victim.
Phishing often involves social engineering – psychologically manipulating the victim into an action. Attackers generally create a situation of urgency in which the user is more likely to act thoughtlessly. Fake news is also a common means of this cybercrime. Provoked by the content, the user clicks a link leading to the attacker’s website. As a next step, the attacker may redirect them to install malware.
How to prevent phishing attacks?
There are various technical approaches available to help reduce the likelihood of phishing attacks. Spam filters can decrease the number of phishing emails. Certain browser settings prevent fraudulent websites from opening. CAPTCHA systems and multi-factor authentication measures make fake login attempts more difficult. However, mostly it is not a technical shortage but a simple human weakness that makes phishing feasible.
Therefore, to protect yourself and your organisation from the phishers, it is important to note the common red flags:
- If an offer sent to you is too good to be true, then it probably is.
- If you are asked to act urgently, keep in mind that reliable institutions generally give you enough time and details for different account-related actions.
- Check hyperlinks before clicking and suspicious attachments before opening.
- Even if the sender seems to be familiar, stay cautious with everything out of the ordinary or unexpected.
Read more about phishing and prevention on www.phishing.org
