Phishing

What is Phishing:

Phishing is the process of luring users in order to obtain sensitive information such as passwords and credit card information. Phishing is an example of a social engineering attack aimed at users, who are lured into clicking on links or opening email attachments.

Phishing incidents usually involve a stimulus that invokes a user response. The target audience is everyone who has an online/offline presence. This includes everyone from young children to the elderly.

A phish intends to:

  • Steal identity-related information
  • Compromise banking information
  • Compromise your online credentials
  • Get the user to click on a malicious link so that malicious software (e.g. ransomware) can be installed

Phishing Baits:

Attackers use public information available on social networking sites and organisation homepages to target users, lure them and bait them.

The most common phishing baits contain the following components:

Lucrative subject/offer – Phishing emails intend to lure users and the target audience via a lucrative subject or offer.

Urgency and Action – They tend to invoke urgency and action as part of the social engineering attack.

Clickable links or Attachments – These emails usually contain clickable links that redirect you to a malicious site or a hoax site (e.g. users could be redirected to imperiuncybersec.com.au instead of imperiumcybersec.com.au). In some instances, the email could contain an attachment. These attachments usually contain a virus or malware.
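As an added example (not part of the original article), here is a defender-side check for the lookalike-domain bait described above: it extracts links from an email body and flags hostnames that sit within a small edit distance of a trusted domain. The trusted-domain list, the distance threshold of 2 and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organisation's legitimate domain, taken from the article's example.
TRUSTED_DOMAINS = {"imperiumcybersec.com.au"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, keeping only the previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            # deletion, insertion, substitution (free when characters match)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Compare only the trailing labels so a subdomain such as
        # login.<lookalike> is still measured against the trusted domain.
        n = trusted.count(".") + 1
        candidate = ".".join(host.split(".")[-n:])
        if 0 < edit_distance(candidate, trusted) <= max_distance:
            return "lookalike"
    return "unknown"


def scan_email_body(body: str) -> list[tuple[str, str]]:
    """Extract http(s) links and classify each link's hostname."""
    results = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        results.append((host, classify_host(host)))
    return results


# Constructed sample message, not a real phishing email.
SAMPLE_BODY = (
    "Your account will be suspended today. Verify now: "
    "https://login.imperiuncybersec.com.au/verify\n"
    "Our website: https://www.imperiumcybersec.com.au/\n"
    "Newsletter: https://example.org/news\n"
)
```

A mail gateway or triage script would quarantine or banner messages where any link is classified as `lookalike`; edit distance alone does not catch homoglyph or different-TLD variants, so treat it as one signal among several.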

The ebb and flow of phishing emails changes with the seasons. Phishing emails are common during:

  1. Tax filing season
  2. Holiday season / Social events
  3. The end of the financial year