What is Phishing:
Phishing is the process of luring users in order to obtain sensitive information such as passwords and credit card details. It is an example of a social engineering attack aimed at users, who are lured into clicking on links or opening email attachments.
Phishing incidents usually involve a stimulus that invokes a user response. The target audience is everyone who has an online/offline presence. This includes everyone from young children to the elderly.
The phish intends to:
- Steal identity-related information
- Compromise banking information
- Compromise your online credentials
- Get the user to click on a malicious link so that malicious software (e.g. ransomware) can be installed
Attackers use public information available on social networking sites and organisation homepages to target, lure and bait users.
The most common phishing baits contain the following components:
- Lucrative subject/offer – Phishing emails intend to lure users and the target audience via a lucrative subject or offer.
- Urgency and Action – They tend to invoke urgency and action as part of the social engineering attack.
- Clickable links or Attachments – These emails usually contain clickable links redirecting you to a malicious site or a hoax site (e.g. users could be redirected to imperiuncybersec.com.au instead of imperiumcybersec.com.au). In some instances, the email could contain an attachment. These attachments usually contain a virus or malware.
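An added example (not part of the original article): a Python check that pulls the links out of an email body and flags hosts that imitate a trusted domain, using the lookalike pair mentioned above. The trusted-domain list, the distance threshold of 2 and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse
# Assumption: the set of domains the organisation really uses.
TRUSTED = {"imperiumcybersec.com.au"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted_domain): 'trusted', 'lookalike' or 'unknown'."""
    host = host.lower().rstrip(".")
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted", good
    labels = host.split(".")
    for good in trusted:
        # Trusted name pasted in front of another domain.
        if host.startswith(good + "."):
            return "lookalike", good
        # Compare every parent domain of the host, so subdomains do not hide a typo.
        for i in range(len(labels)):
            if edit_distance(".".join(labels[i:]), good) <= max_distance:
                return "lookalike", good
    return "unknown", None

def scan_email(body):
    """Return (url, host, imitated_domain) for each lookalike link in the body."""
    findings = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        verdict, good = classify_host(host)
        if verdict == "lookalike":
            findings.append((url, host, good))
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = (
    "Subject: Urgent: verify your account today\n"
    "Log in at https://imperiuncybersec.com.au/login within 24 hours.\n"
    "Our site: https://www.imperiumcybersec.com.au/ News: https://news.example.org/7\n"
)
```

Calling `scan_email(SAMPLE)` returns only the `imperiuncybersec.com.au` link; the genuine `www.` subdomain and the unrelated newsletter link are not flagged.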
The ebb and flow of phishing emails changes with the seasons. Phishing emails are common during:
- Tax filing season
- Holiday season / Social events
- The end of the financial year