Phishing Definition: What You Need to Know
The phishing definition from the United States Computer Emergency Readiness Team (US-CERT) describes phishing as a form of social engineering that uses email, malicious websites, and other channels to steal personal information from a person or an organization by posing as a trustworthy entity. Phishing attacks typically arrive as email messages sent to many recipients and crafted to look as if they come from an institution the recipient already deals with: a bank, a web service, or any other kind of account.
The goal of these attacks is to trick the recipient into taking an action the attacker has designed, such as handing over sensitive information. For example, an email that appears to come from a bank warns the recipient that their account has been compromised and directs them to a website that looks just like the bank's, where they are asked to log in to reset their password. The site is a fraud, built only to capture whatever credentials are typed into it.
Some fraudulent sites go further and try to install malicious software on the visitor's computer as soon as the link is opened, either by exploiting the browser or by tricking the visitor into downloading and running a file.
Phishing Definition: Types of Attacks
The general phishing definition covers many forms of attack. Most arrive as emails designed to look legitimate. The most common impersonates a bank, as described above, in order to steal the recipient's online banking credentials.
USA.gov has compiled phishing scams reported by corporations and government agencies to make people aware of these attempts to steal information:
- An email from someone you may know, claiming to be stranded in a foreign country and asking you to wire money so they can get home.
- Emails claiming to be from the FDIC, FTC, or a similar agency, stating that a complaint has been filed against you or asking you to check the insurance coverage on your bank deposits.
- An email designed to look like a newsletter from a reputable news organization, with links to "read the full story" that actually lead to malicious websites.
- Threatening emails claiming the sender will harm the recipient unless a specified sum of money is wired.
- An email that appears to confirm a complaint the recipient filed; since the recipient filed nothing, a link is offered where "more details" can be found, and of course the link is malicious.
There are many more variants. They can take any form and tell any story, but the end goal is always the same: get the recipient to click, pay, or disclose.
Phishing Definition vs. Spear Phishing Definition
Spear phishing and phishing have much in common, which is why a clear phishing definition matters. Both aim to manipulate people into providing sensitive and personal information. The difference is that spear phishing is personalized and targeted at a specific person or organization, which makes it far more convincing.
Attackers personalize their messages by collecting public information about the target: name, friends, co-workers, family, employer, and more, much of it readily available on social media. They then build a phishing message for that one person, and because the details check out, it looks legitimate and is far more likely to fool the recipient.
Phishing Definition: Identifying Phishing Attacks
Identifying an attack requires vigilance and attention to detail. Organizations need to train their employees to tell suspicious emails from legitimate ones by looking for certain indicators:
- A generic greeting such as "Hello, bank customer," because the same message was sent to many people. Spear phishing messages may be personalized, however, so the absence of this sign proves nothing.
- Any email requesting your personal information or login credentials should be treated as illegitimate. Banks and other reputable companies do not ask for passwords or full account details by email, precisely to protect customers from this kind of attack.
- A manufactured sense of urgency, such as telling the recipient they will lose access or money unless they act immediately.
- If you do not know who the email came from, DO NOT click the link; until you have verified it, never open a link from a suspicious email. Hover over the link and compare the visible text with the actual destination: a link that displays one address but leads to another is a strong sign of fraud. An address that does not begin with HTTPS is a warning sign, but the presence of HTTPS only means the connection to that site is encrypted; it says nothing about who runs the site, and phishing pages routinely use HTTPS too.
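As an added example (not code from the original article or from US-CERT), here is a small Python scorer that checks a message for the indicators above: a generic greeting, a request for credentials, urgency language, and links whose visible text does not match their real destination (plus plain-HTTP links). The two sample messages, the word lists, the `.test` domains and the one-point-per-indicator scoring are constructed assumptions for illustration; a real mail filter would use far richer signals.

```python
"""Score an email against the phishing indicators listed above.

Added example: the word lists, sample messages and one-point-per-indicator
scoring are illustrative assumptions, not a vendor rule set.
"""
import email
import email.policy
import re
from urllib.parse import urlparse

# Indicator: greeting addressed to nobody in particular
GENERIC_GREETING = re.compile(
    r"\b(dear|hello|hi)\s+(valued\s+)?(customer|user|member|client|account\s*holder)\b",
    re.IGNORECASE,
)
# Indicator: the message asks for credentials or identity data
CREDENTIAL_REQUEST = re.compile(
    r"\b(password|log\s*in|login\s+details|verify\s+your\s+(account|identity)|social\s+security)\b",
    re.IGNORECASE,
)
# Indicator: manufactured urgency
URGENCY = re.compile(
    r"\b(immediately|within\s+\d+\s+hours?|act\s+now|suspended|urgent|locked)\b",
    re.IGNORECASE,
)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
TAG = re.compile(r"<[^>]+>")
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}", re.IGNORECASE)


def host_of(value):
    """Lower-cased host of a URL or bare domain ('' if none)."""
    if "://" not in value:
        value = "http://" + value.strip()
    return (urlparse(value).hostname or "").lower()


def link_findings(html):
    """Indicator: anchors whose visible text names one host while the href
    leads to another, plus plain-HTTP links. Both are hints only; a phishing
    site can serve HTTPS just as easily as a bank can."""
    findings = []
    for href, text in ANCHOR.findall(html):
        shown = TAG.sub("", text).strip()
        target = host_of(href)
        if LOOKS_LIKE_URL.match(shown) and host_of(shown) != target:
            findings.append(f"link text '{shown}' actually points to {target}")
        if not href.lower().startswith("https://"):
            findings.append(f"non-HTTPS link to {target}")
    return findings


def score_email(raw):
    """Parse an RFC 822 message and return the indicators it triggers."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = TAG.sub(" ", html)
    hits = []
    if GENERIC_GREETING.search(text[:300]):  # the greeting sits near the top
        hits.append("generic greeting")
    if CREDENTIAL_REQUEST.search(text):
        hits.append("asks for credentials")
    if URGENCY.search(text):
        hits.append("urgency language")
    hits.extend(link_findings(html))
    return {"subject": str(msg["Subject"]), "indicators": hits, "score": len(hits)}


# Constructed sample: a bank-themed phish (198.51.100.23 is documentation space)
PHISH = """\
From: "Example Bank Security" <alerts@examplebank-verify.test>
To: customer@example.com
Subject: Your account has been suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear valued customer,</p>
<p>Unusual activity was detected. Your account is suspended until you
verify your identity within 24 hours. Please log in to reset your password:</p>
<p><a href="http://198.51.100.23/examplebank/login">https://www.examplebank.test/login</a></p>
</body></html>
"""

# Constructed sample: a routine, legitimate-looking notification
LEGIT = """\
From: "Example Bank" <statements@examplebank.test>
To: customer@example.com
Subject: Your March statement is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello Maria,</p>
<p>Your statement is available in online banking. We never ask for your
credentials by email.</p>
<p><a href="https://www.examplebank.test/statements">Sign in to view</a></p>
</body></html>
"""

if __name__ == "__main__":
    for raw in (PHISH, LEGIT):
        print(score_email(raw))
```

The phishing sample trips all five checks, including the link whose text reads `https://www.examplebank.test/login` while the href points at a bare IP address; the legitimate sample trips none. The HTTPS check is deliberately the weakest signal here: it flags plain HTTP, but an HTTPS link is given no credit, in line with the caveat above.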
If you are in doubt, ask someone about the email you received. Before acting on any message from someone you do not know, try to establish whether it is legitimate by checking with the people involved, such as co-workers, friends, or family, or by contacting the institution through a channel you already trust (the phone number on your card or statement, not one printed in the email). That way you protect both yourself and your organization.