Phishing is the act of placing a piece of bait in front of an unsuspecting computer user and hoping that they will bite – it’s been the bane of antivirus companies for a long time now.
Just like someone fishing uses bait on a hook to try to land a salmon, a malicious actor will use virtual bait, usually in the form of an email with a link, to try to entice the user to click on that link – whereupon they will be ‘hooked’ and most likely infected with some kind of malware, with a whole world of pain and expense to follow.
You’ve got unwanted mail
As mentioned, the most common delivery method for a phishing attempt is an email, but this kind of attack can be aimed at the unwary via text messages on a phone, on social media sites or, indeed, other avenues online.
The common theme is that whatever the chosen channel for delivery, the message will look like it’s coming from a legitimate entity, and if the attacker is really well-armed with some knowledge about you – such as the services you subscribe to – it may seem all the more believable because it appears to be from a company you use.
Because the communication is seemingly from a legitimate entity, you might be less likely to think about the actual message content, particularly when the phishing email combines this with the suggestion that something needs to be done urgently, which is another common tactic.
So how does phishing work exactly?
Often the phishing scammer will…