Email Phishing Explained
What is Email Phishing?
‘Phishing’ is a cyberattack in which email is the weapon. Victims are tricked into thinking an email is from a legitimate source. The email then lures them into taking some action, either providing sensitive data, downloading a file or simply clicking a link.
The term “Phish” is pronounced as it’s spelled. It’s an analogy for fishing: casting out a baited hook and hoping someone bites. The term first arose in the mid-1990s, making it one of the oldest types of cyberattack around. Unfortunately, it’s still very lucrative and, as a result, remains one of the most popular types of cyberattack globally.
A phishing attack is often just a ‘foot in the door’ for a hacker, and if it’s successful it can lead to more devastating results for an organisation: stolen funds, IP and customer data, all of which lead to lost reputation and consumer trust.
Many of the most famous hacks in history began life as humble phishing attacks…
Real-life examples of successful Email Phishing attacks
- Hillary Clinton’s email woes all started when her campaign chairman was duped into handing over his Gmail password.
- Sony’s hack can be traced to top execs who responded to a fake Apple ID verification email which hackers used to guess their work logins.
- Walter Stephan holds the record though. He’s the individual who lost the most from a single phishing email – $47 million. What’s worse is that it was a ‘Fake President incident’.
What is a Phishing Kit?
A phishing kit is simply a bundle of web resources and tools that a hacker installs on a server to send out emails to mailing lists of victims. The ready availability of phishing kits on the Dark Web means that criminals need not have any technical skills to launch successful phishing campaigns to millions. This ease of use is one of the main reasons why the number of emails in circulation just keeps growing.
What is Spear Phishing?
In the more sophisticated attacks, hackers will masquerade as somebody the target will plausibly trust, like a real person from a company they do business with. The target is then asked to provide sensitive data such as banking and credit card details, and passwords.