‘Phishing’ is a cyberattack in which email is the weapon. Victims are tricked into thinking an email is from a legitimate source. The email then lures them into taking some action, either providing sensitive data, downloading a file or simply clicking a link.
The term “Phish” is pronounced as it’s spelled. It’s an analogy for fishing: casting out a baited hook and hoping someone bites. The term first arose in the mid-1990s, making it one of the oldest types of cyberattack around. Unfortunately, it’s still very lucrative and as a result remains one of the most popular types of cyberattack globally.
A phishing attack is often just a ‘foot in the door’ for a hacker, and if it’s successful it can lead on to more devastating results for an organisation: stolen funds, IP and customer data, all of which lead to lost reputation and consumer trust.
Many of the most famous hacks in history began life as humble phishing attacks…
Real-life examples of successful Email Phishing attacks
Sony’s hack can be traced to top execs who responded to a fake Apple ID verification email which hackers used to guess their work logins.
Walter Stephan holds the record though. He’s the individual who lost the most from a single phishing email – $47 million. What’s worse is that it was a ‘Fake President incident’.
What is a Phishing Kit?
A phishing kit is simply a bundle of web resources and tools that a hacker installs on a server to send out emails to mailing lists of victims. The ready availability of phishing kits on the Dark Web means that criminals need not have any technical skills to launch successful phishing campaigns to millions. This ease of use is one of the main reasons why the number of emails in circulation just keeps growing.
What is Spear Phishing?
In the more sophisticated attacks, hackers will masquerade as somebody the target will plausibly trust, like a real person from a company they do business with. The target will be asked to provide sensitive data such as banking and credit card details, and passwords.
I’m co-founder of Siege Cyber and passionate about Cyber Security, Hiking and Mountain Biking. I’ve been working within Cyber for the past 20 years and most of those years as a penetration tester. As a penetration tester I’ve tested some of the biggest companies in Australia before branching out and starting Siege Cyber. Siege Cyber was created to be an Australian owned and operated bespoke cyber security firm focusing on helping our customers secure their organisation and stay up to date with their compliance requirements listed in PCI-DSS, GDPR, ISO 27001 and others.
Happy to chat, happy to help.