Phishing explained
Phishing is a fraudulent act in which an attacker acquires sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
The Internet is a network of computers filled with valuable data, so there are many security mechanisms in place to protect that data, but there’s a weakest link: the human. If the user freely gives away their personal data or access to their computer, it’s much harder for security mechanisms to protect their data and devices.
A phishing attack is an attempt to trick a user into divulging their private information.

An example attack
A phishing attack typically starts with an email that claims to be from a legitimate website, like a banking website or online store.

The goal of the email is to obtain private data from the user, so it either asks the recipient to reply with personal information or it links to a website that looks remarkably like the original site.

Signs of a phishing attack
Fortunately, there are some tell-tale signs of phishing scams.
Suspicious email address
Phishing emails will often come from addresses at domains that don’t belong to the legitimate company.

Conversely, a legitimate email address is not a guarantee that an email is 100% safe. Attackers might have found a way to spoof the legitimate email address or hacked their way into control of the actual email account.
Suspicious URL
Phishing emails will often link to a website with a URL that looks legitimate but is actually a website controlled by the attacker.
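
The two signs above can be checked mechanically by comparing the sender's domain and the link's real host against the company's own domains. The following Python sketch is an added example, not part of the original article. It assumes example.com is the company's domain, uses constructed sample addresses and links, and goes slightly beyond the text by also flagging links that hide the host behind an "@" and links that use punycode labels.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the company's real domains. example.com is a placeholder.
TRUSTED_DOMAINS = {"example.com"}

def belongs_to(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def is_trusted(host):
    return any(belongs_to(host, d) for d in TRUSTED_DOMAINS)

def sender_signs(from_header):
    """Warning signs in a From: header. A clean result does not prove the
    mail is genuine: the address may be spoofed or the account taken over."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    return [] if is_trusted(domain) else ["sender-domain-not-company"]

def url_signs(url):
    """Warning signs in a link, judged by the host the browser will contact."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    signs = []
    if parts.username is not None:
        # https://example.com@other.test/ goes to other.test, not example.com
        signs.append("userinfo-hides-real-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        signs.append("punycode-label")
    if not is_trusted(host):
        signs.append("host-not-company")
        if any(d in host for d in TRUSTED_DOMAINS):
            # example.com.verify.test only starts with the company name
            signs.append("company-name-inside-other-domain")
    return signs

# Constructed samples using reserved example/test domains.
SAMPLES = [
    "https://www.example.com/account",
    "https://example.com.account-verify.test/login",
    "https://example.com@login.account-verify.test/reset",
    "https://xn--exmple-cua.com/",
]

if __name__ == "__main__":
    print(sender_signs("Example Bank <support@example.com.mail-alerts.test>"))
    for url in SAMPLES:
        print(url, url_signs(url))
```

The comparison is made on the end of the host name, because the registered domain is what sits at the right-hand side; a company name appearing at the start of a longer host proves nothing.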
