Skip to main content

What is phishing? Here’s everything you need to know

Here's how to dodge the digital hooks of modern phishing attacks

What is phishing? Like actual fishing, it’s no fun to be on the end of the hook. But that’s where every modern web user will likely find themselves at some point in their time online. Whether it’s through a phony email promising millions, a phone caller claiming to be from your bank, or a faked website login form, phishing is everywhere. The scary thing? It’s more profitable than ever.

Unlike many modern threats to our digital selves, though, Phishing scams have existed for centuries in more classic form and decades in their most recent. There are new methods and attack vectors at play today, but all they do is take advantage of new communication mediums to perform the same age-old scams that have been fooling unwary people forever.

Social engineering

Cybersecurity Pay-and-Pray
Image used with permission by copyright holder

The main component of any phishing scam is social engineering. That’s the practice of tricking the user into believing that the person, email, or, web page they are dealing with is legitimate. It’s psychological manipulation to commit fraud. A digital form of classic confidence tricks to encourage the divulging of personal information.

The most classic use of social engineering in phishing is with email. The Nigerian Prince scam is a well known one, but it also has its more modern forms on social media. Other variations on the theme include, phone calls, emails or social networking messages purporting to be from your bank that want you to click on a link, or an email that seems to come from a colleague who desperately needs you to open an attachment. In some cases that leads to malicious sites that continue the phishing attack, but they may also download malicious software which loops in malware for a combined attack.

In all cases, phishing attacks that lean on social engineering encourage the user to partake in an action which is not advisable. They may use language to suggest time is of the essence, appeal to good natures, or suggest familiarity to further apply pressure to the potential victim.

A good rule of thumb to avoid such scams is to consider the old adage of, “it’s too good to be true,” and to never click on links within emails. When it comes to attachments, asking colleagues to distribute them over file sharing platforms is safer and less susceptible to manipulation than emails which can easily be spoofed to look like they come from somewhere legitimate.

Phony forms

A more hands-off form of phishing involves faking more than just an email. In some cases entire websites — or at least their login pages — are spoofed to give further feeling of legitimacy. They might use similar-seeming web addresses, copied artwork and design choices, and even security certificates, depending on the complexity of the forgery.

As with the email scams, phishing websites are designed to encourage the victim to part with their personal information. A fake banking site or social network might steal your login credentials. A fake Bitcoin exchange might try to steal your cryptocurrency.

Although less common, the most sophisticated form of website spoofing involves using a security hole in a legitimate website to hijack it. When victims attempt to login, they are in fact putting their information into a phony login form, or are granting the attackers the ability to login to that site at the same time as them.

The best way to avoid such attacks is to always make sure you’re actually on the right website — not one with a similar URL — and to be suspicious of any surprise login prompts. If in doubt, type the web address you know to be safe in your web browser rather than using links.

Targeted phishing

Phishing is generally quite generic with attackers looking to cast their net wide to try and snare as many potential victims as possible. This is especially important now that most modern web browser employ anti-phishing security measures. However, some of the most effective phishing attacks have been successful because they were targeted. The practice of using specific information about individuals, perhaps garnered from a previous social engineering or malware attack, is known as spear phishing.

Spear phishing can take the guise of emails, phone calls, or instant messages in much the same way as more general attacks. They will employ disarming tactics like first name usage, or preferred personal information that could seem to only come from a legitimate source. This can be for the purpose of monetary gain, but there have also been instances of it being employed for the purpose of industrial espionage and political manipulation.

According to a 2017 Keepnet study, the average successful spear phishing attack on businesses nets the attackers $1.6 million, making it far more profitable than other types of digital attacks.

Another more niche form of phishing known as “whaling” can be even more lucrative. It specifically targets high-net worth individuals and businesses with the purpose of scamming them out of money or gaining high-level digital access to an organization.

Spear phishing attacks are, by their very nature, much harder to spot and avoid in turn. However, it’s important to remember that they rely on the same manipulative techniques as other phishing scams. They want your information. If you are very careful about the information you give out and the context you offer it in, you should be relatively safe from all forms of phishing.

You can further mitigate the problems associated with phishing attack fall out by using unique passwords on all your services and storing them in a strong password manager.

Editors' Recommendations

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
What is a CPU? Here’s everything you need to know
Heatpaste buildup on a Ryzen 7000 CPU.

If you’re just learning about the world of computers and electronics, the terminology used to refer to different parts can be confusing. One component term you may have encountered is “CPU,” which stands for "central processing unit."

CPUs reside in almost all devices you own, whether it's a smartwatch, a computer, or a thermostat. They are responsible for processing and executing instructions and act as the brains of your devices. Here, we explain how CPUs interact with other parts of your devices and what makes them so integral to the computing process.
What makes a CPU a CPU?

Read more
Thunderbolt 4: everything you need to know
Dell XPS 13 2019 review (9380)

Thunderbolt 4 is the latest generation of Intel's Thunderbolt technology, and though it doesn't revolutionize the standard, it does shore it up in ways that make it far more of a high-performance guarantee than competing standards like USB4. However, the tech may not be all about raising the minimums. Intel has demonstrated Thunderbolt as being capable of far greater performance; it just hasn't implemented it yet.

Here's what you need to know about Thunderbolt 4 to make the most of this high-speed and high-performance connection standard.
Availability

Read more
Everything you need to know about mini-ITX
Product image of the Cooler Master Masterbox NR200 mini-ITX case in white and black.

The mini-ITX platform is more popular today than ever. Its compact sizing with high-performance potential makes it great for gamers, content creators, and enthusiasts who seek a small yet capable system. In this guide, we will shed some light and explain everything that you need to know about mini-ITX and how you might want to go about building or buying one in the future.
What is mini-ITX?
Mini-ITX is a small form factor (SFF) standard for motherboards and computer cases that was developed by VIA Technologies in 2001. Its main purpose was to allow for compact and space-efficient computer systems while retaining the basic functionality of a standard desktop computer.

The mini-ITX platform is smaller than the more common ATX and micro-ATX standards. Most commonly used mini-ITX motherboards measure 170mm x 170mm (6.7 inches x 6.7 inches) and typically feature a single PCIe expansion slot, two RAM slots, and a variety of I/O ports for USB, SATA, audio, and networking. Despite their small size, mini-ITX motherboards are capable of supporting full-sized CPUs, memory, and storage devices, thus making them suitable for a wide range of computing tasks.

Read more