What is Phishing and How Does it Work?

Phishing remains one of the most common types of cyberattacks. It’s a firm favorite of cybercriminals because of its simplicity, effectiveness and high rate of profitability. Phishing has certainly evolved from its infancy of scamming people impersonating a Nigerian prince in need of emergency medical treatment. Phishing today is increasingly sophisticated with specific targets and tough to spot. In this post, we kick off with a comprehensive definition of phishing followed by a discussion of how it works, highlighting some of the biggest phishing attacks that made waves.

What is phishing?

Phishing (aptly derived from the analogy of an angler throwing out a baited hook) is a form of cyberattack using a disguised email as its weapon. Its aim is to trick the recipient, using the disguised email, into believing the message is something they need to read or have to open (or click on the link or download the attachment contained in the email). It could purport to be an email from the recipient’s bank or an attachment supposedly from a colleague.

How does it work?

What differentiates phishing is the insidious form of the message; cybercriminals masquerade as a trusted entity (or person), usually a person known to the victim or a company the victim is likely to transact with. It’s one of the oldest forms of cyberattacks with the first instance dating back as far as the 1990s. Yet, it is still one of the most prevalent and pernicious attacks and the techniques are becoming more sophisticated every day.

What is especially disturbing is that even cybercriminals with negligible technical skills can now launch phishing campaigns thanks to phishing kits available on the dark web. Such a kit bundles the phishing website resources and the tools required to execute the attack, ready to be installed on a server, after which the attacker can simply start sending out the phishing emails.

Phishing attacks that made waves

  • One of the most significant phishing attacks entailed getting Hillary Clinton’s campaign manager, John Podesta, to offer up his Gmail password.
  • Financially, the case of Walter Stephan, an Austrian aerospace executive, holds the record for the largest sum of money scammed in one single attempt: $47 million.
  • The retailer Target suffered a massive data breach after falling victim to a phishing attack, which affected 110 million customers.

The common denominator among phishing attacks lies in the disguise. Cybercriminals spoof email addresses to impersonate legitimate people and set up fake websites to impersonate websites that users trust.
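The disguises described above (a spoofed or lookalike sender domain, a display name borrowing a trusted brand, a Reply-To that quietly redirects answers elsewhere) are exactly what mail-filtering rules look for. The following is an added example, not code from the original post or from the vendors it names: it parses a constructed message header and flags those three signs, using an assumed allow-list of trusted sender domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration only (not from the original post).
SAMPLE_MESSAGE = """From: "Example Bank Support" <alerts@examp1e-bank.test>
Reply-To: refunds@mail-collector.test
Subject: Urgent: verify your account

Please click the link to confirm your details.
"""

# Assumed allow-list: domains the organisation actually receives mail from.
TRUSTED_DOMAINS = {"example-bank.test"}

# Digit-for-letter substitutions commonly used to build lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalise(domain):
    """Fold homoglyph digits and strip hyphens/dots so lookalikes collapse together."""
    return domain.lower().translate(HOMOGLYPHS).replace("-", "").replace(".", "")


def lookalike_of(domain, trusted):
    """Return the trusted domain this one imitates, or None if it is genuine or unrelated."""
    if domain in trusted:
        return None
    norm = normalise(domain)
    return next((t for t in trusted if normalise(t) == norm), None)


def check_headers(raw, trusted):
    """Return a list of findings describing suspicious sender disguises."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    findings = []
    imitated = lookalike_of(from_domain, trusted)
    if imitated:
        findings.append(f"lookalike sender domain {from_domain} imitates {imitated}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    # Display name claims a trusted brand while the address domain is not on the allow-list.
    for t in trusted:
        brand = t.split(".")[0].replace("-", " ")
        if brand in name.lower() and from_domain not in trusted:
            findings.append(f"display name {name!r} claims {t} but address is {from_domain}")
    return findings
```

Run `check_headers(SAMPLE_MESSAGE, TRUSTED_DOMAINS)` to see all three findings; a genuine message from the allow-listed domain with no Reply-To produces an empty list.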

Stage2Data partners with Heimdal Security to offer robust, multi-layered security products to combat next-gen malware, ransomware and other enterprise threats. For more information, please get in touch.