Spear Phishing is not a game

What is phishing?

Phishing is one of the easiest forms of cyber attack for a criminal to carry out, but one which can provide these crooks with everything they need to infiltrate every aspect of their targets' personal and working lives.

Usually carried out over email - although the scam has now spread to social media, messaging services and apps - a basic phishing attack attempts to trick the target into doing what the scammer wants. That might be handing over passwords to make it easier to hack a company, or altering bank details so that payments go to fraudsters instead of the correct account.

The aim and the precise mechanics of the scams vary: victims might be tricked into a clicking a link through to a fake webpage with the aim of persuading them user to enter personal information - it's estimated that an average of 1.4 million of these websites are created every month.

Other campaigns involve tricking users into downloading and installing malware - for stealthy approach to theft - or inadvertently installing ransomware, providing the attacker with much more immediate profit.

More complex phishing schemes can involve a long game, with hackers using fake social media profiles, emails and more to build up a rapport with the victim over months or even years in cases where specific individuals are targeted for specific data which they would only ever hand over to people they trusted.

Want to read the full article?

Comments are closed.