Phishing

Phishing is a form of social engineering attack in which the criminal impersonates a trustworthy entity while requesting sensitive information from the victim.

5 min read

What is phishing?

Have you ever received an email, text or other form of electronic communication seemingly coming from a bank, or other popular online service, that requested you to “confirm” your account credentials, a credit card number or other sensitive information? If so, you already know what a common phishing attack looks like. This technique is used to obtain valuable user data that can be sold or misused by the attackers for nefarious purposes, such as extortion, monetary theft, or identity theft.

How does phishing work?

Phishing has been around for years and in that time, attackers have developed a wide array of methods to target victims.

The most common phishing technique is to impersonate a bank or financial institution via email, to lure the victim either into completing a fake form in, or attached to, the email message, or into visiting a webpage requesting entry of account details or login credentials.

In the past, misspelled or misleading domain names were often used for this purpose. Today, attackers incorporate more sophisticated methods, making the links and fake pages closely resemble their legitimate counterparts.

How to recognize phishing

An email or electronic message can contain official logos or other signs of a reputable organization and still come from phishers. Below are a few hints that can help you spot a phishing message.

How to protect yourself from phishing

To avoid taking the phishing bait, be aware of the above indicators by which phishing messages commonly give themselves away.

Notable examples

Systematic phishing started in the America Online (AOL) network in 1995. To steal legitimate account credentials, attackers contacted victims via AOL Instant Messenger (AIM), often pretending to be AOL employees verifying user passwords. The term “phishing” popped up on a Usenet newsgroup that focused on a tool called AOHell that automated this method, and the name stuck. After AOL introduced countermeasures in 1997, the attackers realized they could use the same technique in other parts of the online realm – and moved towards impersonating financial institutions.

ESET protects you against phishing

ESET Smart Security Premium

Ultimate internet security for your ultimate performance.

ESET Smart Security Premium

Built without compromise for users who want it all.
Secures Windows, Mac, Android and Linux devices.