What is Phishing?

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating oneself as a trustworthy entity in a digital communication. Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.

Phishing is an example of social engineering techniques used to deceive users. Users are lured by communications purporting to be from trusted parties such as social networking websites, auction sites, banks, mails/messages from friends or colleagues/executives, online payment systems or IT administrators.

Types of Phishing

• Spear phishing and whaling
• Catphishing and catfishing
• Clone phishing
• Voice phishing
• SMS phishing

Popular Phishing Techniques

• Link manipulation
• Filter evasion
• Website forgery
• Covert redirect
• Social engineering
• Tabnabbing

How to Prevent Phishing?

• Multi-factor authentication (for example, use of security tokens)
• Filtering out phishing mail
• Browsers alerting users to fraudulent websites
• Augmenting password logins
• Monitoring and takedown
• Transaction verification and signing
• Email content redaction
• Limitations of technical responses