By IT Brew Staff
Definition:
Cyberattackers use phishing tactics to trick victims into believing they’re interacting with a legitimate institution or trusted individual via text, email, or phone. These tactics may include fake stories and pressure (such as creating a false sense of urgency) to convince a victim to give up sensitive information like login credentials or financial information. Attackers may also compel a victim to install malware on a device.
Phishing is a particularly insidious cyberattack because it plays on human psychology, allowing attackers to sidestep many sophisticated cybersecurity tools designed to block attacks. Just one employee clicking on a link in a phishing email can result in a ransomware crisis for an entire company.
There are several variations on phishing, including:
- Vishing. Phishing attacks that take place over the phone, with an attacker pretending to be someone the victim trusts (such as their company’s accounts payable manager).
- Spear phishing. Highly targeted phishing attacks against an individual; these necessitate deeper research on the part of the attacker but can prove highly effective.
- Smishing. A phishing attack that leverages SMS text messages.
IT professionals and cybersecurity experts can employ certain technological defenses against phishing, such as requiring multi-factor authentication. However, the primary defense against phishing is teaching people within an organization to recognize the signs of an attack, such as a suspicious sender address, poor spelling, and unexpected or odd attachments.