What Is Phishing?

Phishing is a type of social engineering attack that targets users directly through email, text, or direct messages. The attacker poses as a trusted contact, often using a believable email address, to trick the target into divulging sensitive data such as login credentials, account numbers, and credit card information.

As an example, the scenario usually plays out as follows:

  1. An individual receives an email from her bank (for example, Chase).
  2. The email appears to be sent from Chase, with the Chase logo embedded in the email.
  3. The email claims there is an urgent issue with the individual’s account and instructs her to click on a link to address the matter right now.
  4. Once the individual clicks on the link, she is brought to a webpage which mimics that of Chase.
  5. Unknowingly, the individual enters her username and password to enter the website.

In this scheme, the scammer has collected the individual’s banking credentials. Further, by visiting the fraudulent banking site, the individual may have unknowingly downloaded malware to her computer, which tracks and collects other data and sends it to the scammer.
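The scenario above leaves two traces a mail filter can check: a display name that uses the brand while the sending domain does not belong to it, and a link whose visible text shows one host while its target is another. The following is an added example, not part of the original page; the `BRAND_DOMAINS` allow-list, the signal names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: illustrative allow-list of the domains each brand really uses.
BRAND_DOMAINS = {"chase": {"chase.com"}}
# Constructed sample modelled on the scenario; example.net is a reserved domain.
SAMPLE = '''From: "Chase Online" <alerts@chase-secure.example.net>
Subject: Urgent: problem with your account
Content-Type: text/html; charset="utf-8"

<p>There is an urgent issue with your account. Address it right now:</p>
<a href="http://login.chase-secure.example.net/signin">https://www.chase.com/login</a>
'''

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domains):  # host equals or is a subdomain of a listed domain
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_signals(raw):
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    sender, signals = addr.rpartition("@")[2].lower(), []
    # Steps 1-2: the display name carries the brand, the sending domain does not.
    if any(b in display.lower() and not in_domain(sender, d) for b, d in BRAND_DOMAINS.items()):
        signals.append("brand_sender_mismatch")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:  # step 4: shown host differs from the real target
        shown = (urlparse(text).hostname or "").removeprefix("www.")
        if shown and not in_domain(urlparse(href).hostname or "", {shown}):
            signals.append("link_text_href_mismatch")
    return signals
```

Links whose visible text is not a URL (for example "Click here") are skipped by the link check, so in practice these signals are combined with sender authentication results and URL reputation rather than used alone.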

The motivations for such malicious behavior are usually financial. According to the 2020 Verizon Data Breach Investigations Report, 86% of the 3,950 breaches were financially motivated.

At the enterprise level, phishing can have greater consequences. If just one scammer gains entry to a corporate network, a data breach can occur, leaving the organization vulnerable to loss and theft.

Email remains the most critical communications tool for business, which unfortunately also makes it the top threat vector, with the volume and sophistication of attacks ever increasing. Phishing campaigns continue to be a severe and costly problem, and it is imperative for organizations to understand phishing in order to combat email security issues.