Phishing is a type of cyber attack in which attackers use deceptive emails, messages or websites to trick people into disclosing sensitive information, such as passwords, credit card numbers or personal details. The term ‘phishing’ is a play on the word ‘fishing’, as attackers use bait – usually in the form of fake emails or messages – to lure victims into sharing sensitive information. The goal of phishing attacks is often to gain unauthorised access to personal data, commit financial fraud or download malware on the victim's device. Phishing can take a number of forms, such as email phishing, spear phishing, vishing and smishing.
What is spear phishing?
Spear phishing is a targeted type of phishing attack in which attackers tailor their fraudulent messages for a particular person or organisation. Unlike regular phishing attempts, spear phishing is highly focused and specific to the target, making it more effective and harder to spot. Attackers often collect information about the victim, such as their job role, interests, colleagues’ names or recent activities, to create emails or messages that look real. These messages may include personal details, references to recent events or even imitate the speaking style of someone the target knows and trusts. The ultimate goal of spear phishing is usually to trick the victim into taking some sort of action, such as clicking on a malicious link, downloading an infected file or sharing sensitive information.
What are other types of phishing techniques?
Phishing attacks can take various forms, and attackers often use different techniques to trick people and organisations. Some of the most common ways to attack in phishing include:
- Email phishing: Attackers send emails that appear to be from a trusted source, such as a bank or government agency, and request sensitive information. They may also forge the sender's email address to make it seem as if the email is from a trusted source.
- Smishing (SMS phishing): Phishers send fraudulent text messages – often mimicking alerts from banks or other known organisations – asking for sensitive information or containing malicious links
- Vishing (voice phishing): Attackers use voice calls to mimic real people or organisations, such as a bank or government official, and trick people into giving away sensitive information
- Clone phishing: Attackers create copies of real emails, making small changes to include malicious links or files, and send them to the same people the authentic emails were going to
- Angler phishing: Cybercriminals pose as customer support or tech support agents and use different communication channels, such as email or social media, to trick people into sharing sensitive information or downloading malicious software
- Credential harvesting: Phishers create fake login pages that mimic real websites. Users are tricked into entering their passwords or other sensitive data, which is then stolen by the attackers
- Malvertising: Cybercriminals inject malicious codes into online advertisements, and when users click on these ads, they are redirected to phishing websites
- Link manipulation: Phishers create URLs that look like actual websites, and users are then taken to these fake sites when clicking on seemingly innocent links
- Search engine phishing: Cybercriminals use search engine optimisation (SEO) techniques to ensure that phishing websites appear in search results for specific keywords
- Business email compromise (BEC): Attackers compromise or mimic high-ranking company leaders to trick employees into transferring funds or sharing sensitive information
What is a phishing attack?
A phishing attack is a type of cybersecurity attack that is designed to trick someone into revealing sensitive information or taking an action that benefits the attacker.
The phishing ‘bait’ often comes in the form of emails, texts, or even social media messages from sources that appear to be legitimate, like banks, government agencies or even friends and family.
They might offer something tempting, like a free product or service, a prize or urgent news, as a lure. Once a victim clicks on a link, opens an attachment, or responds to the message, the attacker may steal login credentials or personal information, or install malicious software to steal data, spy on or even take control of a victim’s device.
Most common ways to attack
Phishing messages often impersonate trusted organisations like banks, government agencies, or even personal contacts. They frequently use familiar logos, sender names or language that mimics previous interactions.
Similarly, phishing websites can be highly convincing – copying logos, layouts and even wording. However, there will be subtle differences like misspelled URLs, unusual domain names, or grammatical errors in the website content.
Phishing attacks often exploit human nature, such as playing on a victim’s instinct to act quickly in response to something urgent or alarming. Examples include false claims about cancelled parcel deliveries, locking accounts and even threats of legal action. Another attack method is the inclusion of enticing links or attachments, promising tempting deals, exclusive content or urgent solutions.
What are some examples of phishing attacks?
Here are a few notable phishing attacks that happened in recent years:
- Amazon Impersonation Attack: A recent phishing campaign mimicking Amazon through fake order confirmation emails aimed to trick victims into making phone calls and sharing credit card details. The email directed recipients to a genuine-looking Amazon site, adding a layer of authenticity.
- PayPal: Users have been targeted by a phishing scam involving a fraudulent email. Although seeming authentic, the email contained typos and errors.
- Twitter Bitcoin Scam: In July 2020, several high-profile Twitter accounts, such as those of Elon Musk, Barack Obama and Bill Gates, were hacked in an organised phishing attack. Attackers used the infected accounts to promote a Bitcoin scam.
- Google Docs Phishing Attack: A widespread phishing attack affected Google users in 2017, in which they were sent supposedly trustworthy emails asking them to click on a Google Docs link. However, the link led to a phishing site seeking access to the user's Google account.
How to recognise a phishing email, common features
Phishing emails often have common features that can help people recognise them. One key clue is the sender’s email address, which may not match with the official website of the alleged sender.
Generic greetings such as “Dear Customer” rather than customised ones with the user’s name are also common in phishing attempts – and the spelling and grammar may be incorrect.
These emails might also create a sense of urgency and pressure people to take prompt action, while also making unusual requests for sensitive information that real organisations usually would not ask for over email. Features such as mismatched URLs, which can be spotted by hovering over links to reveal the actual site, fake logos and branding are also common. Recipients should also watch out for unknown attachments in emails, as these can carry malware.
How can phishing attacks be prevented?
Preventing phishing attacks involves a combination of awareness, alertness and security tools. Here are some strategies to help:
- Education and awareness: Conduct regular security awareness training for employees and other people to educate them about phishing threats and how to recognise them. Keep them informed about the latest phishing techniques and common tactics used by attackers.
- Verify links and attachments: Before clicking on any link, hover over it to preview the URL. Make sure it matches the specified website. Check the legitimacy of the sender by verifying email addresses, especially if the email requests sensitive information.
- Cybersecurity tools: Use advanced threat protection solutions that can detect and block sophisticated phishing attacks, including those with social engineering tactics. Implement email security tools, such as email filtering systems that can detect and block phishing emails before they reach users’ inboxes.
- Phishing threat intelligence: Threat intelligence can provide timely and relevant information about potential threats, including phishing campaigns, tactics and indicators of compromise. This enables organisations to alert employees about current threats and implement effective defences to detect and block phishing attempts before they succeed.
- Regular software updates: Keep software, operating systems and security software up to date. Regular updates often include patches for known vulnerabilities. Additionally, use firewalls and up-to-date security software to detect and block malicious activities on your devices and networks.
What are the consequences of a phishing attack?
There are numerous consequences of a phishing attack. This can include:
- Financial loss: Unauthorised access to bank accounts or being tricked into making fraudulent payments can result in financial losses ranging from small amounts to millions of pounds, depending on the target and the sophistication of the attack.
- Data breach: Phishing attacks often expose sensitive data, such as personal information, financial records, intellectual property and trade secrets. Once obtained, the data can be used for various purposes, including identity theft, fraud, blackmail or competitive advantage.
- Disruption to operations: Phishing attacks can lead to denial-of-service attacks that take down websites or networks or encrypt critical data. This can lead to lost productivity and revenue.
- Damage to reputation: A successful phishing attack can damage a company's reputation. Particularly when customer data is compromised or business operations are disrupted, there can be a loss of trust from customers, partners and investors.
How to know if you’ve been phished?
If a victim notices unexpected changes in their account settings, password or security questions, it could be a sign of unauthorised access.
Unauthorised bank transactions or account changes may also indicate a phishing attack. Additionally, if they are receiving unwanted emails, messages or notifications asking for personal or financial information, especially from unknown sources, they have reason to be suspicious.
If any email has spelling or grammatical errors, threats, unusual requests or random attachments, or even generic greetings, users should tread with caution. If a URL is different to what a user expects it to be or directs them to a suspicious site, it is also likely to be a phishing attempt.
What to do after an attack?
If someone suspects they have been phished, they should change their passwords immediately, inform their bank and run a security scan on their devices. Reporting what happened to the relevant authorities or organisations is also necessary to avoid further damage.
Victims must also regularly update their cybersecurity knowledge and stay informed about common phishing tactics as this may help them avoid falling victim to future attacks.
In addition to cybersecurity knowledge, antivirus and anti-malware software should also be up to date. The effectiveness of these actions depends on a quick and coordinated response. Timely reporting, analysis and remediation efforts can greatly lower the impact of a phishing attack.
How can Silobreaker help with phishing attacks?
Silobreaker helps you to detect phishing campaigns targeting your organisation, employees or customers with contextual analysis of threat actors, domains and infrastructure.
Using open-source intelligence (OSINT), deep and dark web, and premium sources, Silobreaker scans researcher blogs, feeds and providers – such as OpenPhish – to identify, extract and serve the most comprehensive picture of phishing trends, targets and IOCs with automated aggregation of data from millions of sources in one place. The Silobreaker Intelligence Hub automates phishing intelligence selection and collection based on your Priority Intelligence Requirements (PIRs).
The Silobreaker Relevance Engine extracts actionable intelligence from even the most inaccessible unstructured OSINT sources by connecting and prioritising malicious entities in milliseconds for further investigation and analysis. It breaks down phishing intelligence to instantly identify target organisations and industries, as well as IOCs such as phishing URLs, IP addresses and hosting ASNs. It also supports post-incident operations, analysing paste sites and deep and dark web forums for mentions of company names and credentials stolen in phishing campaigns.
Communicate intelligence with speed and efficiency using the dissemination and integration tools included with Silobreaker. Automate email alerts based on customised entity watchlists of your brands, domains, credentials and more and use an integrated report-builder to create and send consistent, easy-to-understand reports for any stakeholder in a few clicks.
Silobreaker enables you to prioritise risk with context and mitigate threats faster with an instant connected picture of targeted industries, brands, domains, IP addresses and vulnerabilities used in phishing campaigns.
1. What does phishing mean?
Phishing is a cyber attack method that uses deceptive emails, messages or websites means to trick people into sharing sensitive information, like passwords, credit card numbers or personal details. The term ‘phishing’ is a play on the word ‘fishing’, as attackers use bait – fake emails or messages – to lure victims into disclosing information or clicking on malicious links.
2. What is an example of phishing?
A common example of phishing is receiving a fake email from a bank asking users to update their login details, or an SMS purporting to be from a friend or family member requesting a bank transfer for some urgent need.
3. What are the four types of phishing?
Email phishing, vishing (voice phishing), smishing (SMS phishing) and spear phishing (phishing targeting a specific person) are the four main types of phishing.
4. Is phishing a cyber crime?
Yes, phishing is considered a cyber crime as it involves deceptive tactics to steal sensitive information.
5. What if I accidentally clicked on a phishing email?
If you accidentally click on a phishing email, immediately change your passwords, report what happened to the relevant authorities and monitor your accounts for suspicious activity.