Phishing is a method of attack used by hackers in order to steal information like usernames, passwords and bank details.
Phishers, via electronic communication like email and instant messaging, send a message seemingly from a trustworthy organisation or individual. The message is the bait – hence the phishing term – with phishers relying on social engineering techniques in order to scare or lure the target to click the malicious link in the message.
For example, an email seemingly sent by a person's bank will tell them their account has been compromised, directing the person to click on a link in order to verify information to secure the account once again.
Often the link will direct to a seemingly legitimate website where the target will be asked to verify or input personal information. Sometimes the phishing emails may contain links to websites that are infected with malware.
Phishing comes in a number of varieties. Spear phishing targets specific individuals or businesses, as opposed to phishing which may send emails en masse to a large group of people. Clone phishing uses the content of a previously delivered, legitimate, email and creates an almost identical clone of that email. The link in the clone email will be replaced with a malicious version and the email address spoofed to appear like the legitimate sender. Whaling, another form of phishing, targets senior executives and other high-profile individuals within businesses. Often under the guise of a customer complaint, legal document or other executive issue, the content will be tailored to upper management.
