Phishing attacks are fraudulent emails, text messages, phone calls or web sites designed to manipulate people into downloading malware sharing sensitive information (e.g., Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose themselves or their organizations to cybercrime.
Successful phishing attacks often lead to identity theft, credit card fraud, ransomware attacks, data breaches, and huge financial losses for individuals and corporations.
Phishing is the most common form of social engineering the practice of deceiving, pressuring or manipulating people into sending information or assets to the wrong people. Social engineering attacks rely on human error and pressure tactics for success. The attacker typically masquerades as a person or organization the victim trusts—e.g., a coworker, a boss, a company the victim or victim’s employer does business with—and creates a sense of urgency that drives the victim to act rashly. Hackers use these tactics because it’s easier and less expensive to trick people than it is to hack into a computer or network.
According to the FBI, phishing emails are the most popular attack method, or vector, used by hackers to deliver ransomware to individuals and organizations. And according to IBM’s Cost of a data Breachn Report 2021, phishing is fourth most common and second most expensive cause of data breaches, costing businesses an average of USD 4.65 million per breach.
- Email phishing. Most phishing attacks are sent by email. ...
- Spear phishing. There are two other, more sophisticated, types of phishing involving email. ...
- Whaling. Whaling attacks are even more targeted, taking aim at senior executives. ...
- Smishing and vishing. ...
- Angler phishing.
