What is Phishing? Unveiling the Existing Threat
By Janne Smith 9 minutes
The phrase “what is phishing” may take you back to Finding Nemo, the childhood thrill that is still a favorite decades later. Unfortunately, phishing means something very different in the realm of cyber security.
To burst the bubble: phishing attacks are a black hat attempt to trick users and obtain their personal information, like banking details and social media account information, simply everything you never want a stranger to access. And 83% of UK companies reported falling victim to phishing attacks in 2022.
But fear not! You can keep your personal information safe and secure with cyber safety awareness and a healthy dose of skepticism. So, be vigilant and think twice before sharing personal details online.
So buckle up while we cover what phishing is, its types, and how to mitigate a phishing attack.
What Is Phishing in Simple Words?
A phishing attack is a cybercrime where victims receive an email or a text message, or are contacted in some other form. The aim is to lure the target into providing the attacker with personal information, such as credit card information or ID passwords. Later, the information is used to access accounts without the victim’s knowledge.
Put it this way: you have a personal corporate email address and receive an organization email from an almost authentic-looking address. It asks you to install the new messaging software, and because it looks legitimate, you install it.
There you go; you’ve installed ransomware on the company network. A 2022 report states that 92% of organizations fall victim to phishing attacks.
Where Do Phishing Attacks Come From?
It was America Online (AOL) that coined the term phishing back in the 90s. The story goes that a group of black hats disguised themselves as AOL workers and asked for AOL users’ login credentials.
From there, phishing became a profitable cybercrime activity, and today the toll has risen to 3.4 billion phishing emails being sent daily.
However, there’s also another side of the story. A few specialists say the name “phishing” comes from the fishing technique, where hackers “fish” for a target’s sensitive information in a sea of users.
Is Phishing Attack a Crime? What Can Phishing Do to Your Computer?
It varies from state to state. Overall, by its nature, it isn’t legal, and users need to be vigilant and keep their information private. A few states have laws and regulations to protect users from these attacks. Yet those laws don’t clearly mention phishing as an illegal practice; other laws on information privacy can be applied instead.
Cofense’s Q3 2021 report mentions phishing accounting for 93% of modern cybercrimes. Given its rising rate, different federal laws can result in sanctions, treating a phishing attack as one of the identity theft crimes. The underlying intent, along with several other rules, is a significant factor in categorizing a crime.
Fraudulent websites, actively controlled platforms created especially for illegally gathering personal information, are subject to the same phishing regulations as legitimate websites. These websites have the intention of misleading trusting victims.
Other than that, a phishing attack can harm your computer; they’re designed for it. Once you provide your account access information, a hacker can infect your computer with malware.
How Does Phishing Work?
Let’s learn how phishing works with this example, where you are the victim of this attack.
Assume you receive an unknown message that appears to come from a reliable source or someone that you know.
There will be an attachment or a link asking for urgent action. Once you open the malicious file attachment or click on the hyperlink, you’ll be redirected to a malicious internet location, and there you go, you’ve become a victim of a phishing attack.
The aim is to infect your device with malware or redirect you to a site with malicious content. These fraudulent websites are designed to trick you into disclosing personal information, such as passwords, account numbers, or credit card information.
Cybercriminals collect their target person’s personal information and background from social networks. These channels are routinely used to find information about possible targets. The offender can then use the knowledge they’ve gained to craft a plausible phishing email expertly.
What Are the 4 Types of Phishing?
Phishing is an umbrella term for malicious activity involving tricking users into revealing personal or financial information like passwords, social security numbers, OTP, etc. The target of phishing ultimately defines its type.
Here are the commonly practiced phishing attacks:
- Spear Phishing
- Whaling Attack
- Smishing Attack
- Angler Phishing
1. Spear Phishing
Spear Phishing targets a specific group instead of a large number of people. Ordinary phishing is a one-size-fits-all technique that targets hundreds or thousands of people. It’s like throwing a large fishnet in the sea and expecting a few catches.
In contrast, spear phishing involves a lot of preparation and a specific message to that group or person. It will usually target mid-level employees of an organization, for example. Spear Phishing requires knowing the target to establish familiarity.
It could be information you would expect a few people to know or something related to your organization. Cybercriminals could impersonate a vendor and ask for payment by targeting the finance department.
Once trust has been established, cybercriminals could even install malware on your device by asking you to download an attachment. The malware is usually spyware that records information from the device and can also have the worm-like capability to spread through the network.
It could also be ransomware, which encrypts data on the device, leaving you unable to access important files without paying the ransom.
2. Whaling Attack
A Whaling Attack focuses on one high-level target, such as an organization’s CEO, CFO, or CTO. The target is big, hence the preparation will be tenfold that of a typical phishing attack. The cybercriminals will use information collected through other social engineering techniques.
Infecting a high-level employee’s device means access to confidential information. Moreover, it can also give cybercriminals enough information to strengthen phishing attacks against other employees, such as requesting urgent money from the finance department using the CEO’s email address and including specific details that avoid detection.
Another way of getting you to install malware is by impersonating the IT department. Cybercriminals could succeed in the attack by making it sound like an urgent and important update.
3. Smishing Attack
Emails are not the only medium that cybercriminals utilize. Smishing refers to phishing through SMS. Cybercriminals could text you by impersonating your bank or a service provider, informing you that a particular action is required.
It may contain a link, or you may be asked to reply in the conversation with the information.
4. Angler Phishing
In angler phishing, a hacker creates a fake account—a situation you, as a millennial, have probably experienced—and conceals the identity by portraying the persona of a friendly customer support agent. They then ask you for personal information or urge you to click on malicious links.
Following these links would put you at risk of joining a botnet. If you provide personal information, be aware of possible data breaches or anonymous financial transactions. Like previous phishing attempts, the goal is to trick a social network user into disclosing personal information to profit financially or obtain access to information.
What is Vishing?
Vishing is another form of phishing that involves calls. You would see cybercriminals impersonating banks most often because financial information is most valuable for any criminal. The visher can ask you to verify some bank details and repeat an OTP (One-time Passcode) sent through your account.
If the visher gets hold of two-factor authentication information like an OTP, they can get into your bank account. The OTP could also verify a transaction the cybercriminal is trying to make through your account.
What is a Sextortion Scam? When Phishing Gets More Aggressive
You might not always receive a seemingly polite email that asks you for information. Sextortion is a rising scam that plays on the target’s fear. Derived from the word extortion, sextortion emails typically inform you that the sender has compromising pictures or videos of you and that you have been active on pornography websites recently.
The email will say the picture/video was taken by hacking your webcam or phone’s camera through spyware installed on your device. The cybercriminal will demand payment, usually cryptocurrency, if you don’t want the picture/video leaking out.
Do not worry about it. These are scare tactics to get you to pay up. It may even include your password so that you take the message more seriously. However, it is a scam using information gathered from social engineering techniques or passwords from a data breach.
How to Prevent Phishing Attacks?
Here are the top 3 ways to prevent a phishing attack:
Use a VPN
Using a VPN is the best way to prevent a phishing attack. But you will need more than a free or some other ordinary VPN. You must use a premium VPN like FastestVPN to access exclusive features. And here’s the best part: unlike other top-notch options, this doesn’t cost you an arm and a leg.
You can mask your IP address and disguise your original location using a VPN. With that said, phishers won’t be able to access your information – since your connection is always protected!
Don’t Click Every Link You Receive
Even when the sender is someone you know, it’s usually not a good idea to click on links in emails or messages (SMS).
Some phishing attempts are sophisticated, making the destination URL look like a legitimate website to record keystrokes or stealthily gather login/credit card information. It’s better to use a search engine to find the website directly rather than relying on the provided link.
Keep Rotating Passwords
Setting up a system to change passwords regularly is crucial for people with online accounts. It is a preventative precaution that keeps attackers from gaining unauthorized access. Because an account can be compromised without being discovered, password rotation adds a security layer that cuts off ongoing access attempts and restricts possible invaders.
FAQs - What is Phishing
Will phishing ever go away?
Phishing may not be going anywhere soon. Considering the rise in phishing attacks, they aren't going away anytime soon. And the attacks didn't get any better, only worse. In the past year, 84% of organizations mention suffering from phishing attacks - a 15% increase from 2021.
Is phishing dangerous?
Yes, phishing is dangerous. Phishing is the archetypal social engineering assault, giving hackers the capability and reach to target hundreds or even thousands of individuals concurrently.
What is smishing and phishing?
Smishing attacks mostly communicate via SMS, whereas phishing assaults frequently employ email. Phishing emails contain dangerous attachments or links that, if clicked, can install malware or take the user to a phony website.
Whether you are an organization or an individual, there is an urgent need for education on phishing and various other cybercrimes. Phishing has claimed many victims over the years.
Seek help from cybercrime prevention entities in your state/country if you have been a scam victim.