According to the phishing definition of US Computer Emergency Readiness Team or CERT, it is a form of social engineering, using emails or malicious websites (and other channels) to rob a person of personal data or even a company by posing as a trustworthy entity. Phishing attacks use email as a platform by sending messages to various users as if the person is dealing with them from an institution or company. This may be a bank, a web service or any other account type.
Based on the phishing concept, the main objective of such attacks is to trick the victim into action the attacker designs to provide him with sensitive information. For example, an email claiming to have been sent from a bank to an individual warning that their account is being compromised. The email then directs you to a website that looks the way your bank is and asks you to log in to reset your password. The site, of course, is a fraud and is only designed to steal information from people.
Many fraudulent sites that even include malicious software which enters the user’s computer when the website link is clicked on.
Definition of phishing and attack types
The general concept of phishing includes many types of attack. They also come in the form of emails that look legitimate. As mentioned earlier, the most popular way is from a bank, so that you can steal the bank information of that individual.
Fortunately, USA.gov knows all about the definition of phishing and has compiled different phishing scams reported by companies and other companies to inform us about attempts to steal information:
- An email from a person you might know says they are probably stuck in another country and ask you to send money to return home.
- Emails claiming to have been sent by the FDIC, FTC or other similar agencies that the user has been complained of or asked to check his bank deposits for insurance cover.
- An email designed to look like a newsletter from reputable news agencies and to give you links to the entire story, but these links lead to malicious websites.
- Threatening emails claiming they will damage the recipient if a specified sum of money is not wired.
- An email that appears to validate the recipient’s complaint. Because the complainant has not submitted anything, a connection is given to find out more information about the complaint and, indeed, the link is malicious.
There are many types of scams focused on the definition of phishing. They can take all forms and stories, but the final goal will always be the same.
Phishing Definition vs Spear Phishing Definition
Spear phishing and phishing attacks have a lot in common, so you need a clear explanation. Both try to exploit or trick people into supplying confidential and personal information. The main thing about spear phishing is that they are more personalized and targeted to fool people.
Attackers can personalize their attacks by checking your public information, like names, friends, colleagues, family and more, and knowing the phishing definition. This can be easily accessed via social media. You will then use this public information to create a phishing attack on this person. It can look genuine and trick the recipient because of this information.
Identifying Phishing Attacks
Based on the phishing definition, you must be vigilant and observant to identify an attack. They need to train their staff to differentiate between suspicious and legitimate emails for organizations. This is done in search of specific indicators:
- According to the phishing definition, the email gets a generic greeting, like “Hello, a bank customer,” which is sent to several people. Spear phishing attacks can be customized, however, so take this into account.
- Any email that requests your data is not legitimate. Companies like banks should not challenge your personal information or login credentials. This is reasonable protection against these attacks to protect customers.
- According to the Phishing concept, many of these attacks seek to create a sense of urgency based on an email, such as suggesting that if the user doesn’t respond immediately, he will lose something.
- If you don’t know from whom the email came, don’t click on the link. Never open any link from suspicious emails until you verify it is safe. Also, in the beginning, all links should have HTTPS. The “S” indicates that the website uses the protection of users’ encryption and page requests.
If you doubt a phishing definition, ask someone for the email you sent. Before taking action on any email from someone you do not know, try to determine whether it is legitimate to communicate with other people, such as colleagues, friends or family. You can protect yourself and the organization in this way.