What is phishing?
Phishing is a method of online fraud that attempts to acquire sensitive information such as personal identity data, usernames, passwords, credit card details and other data by masquerading as a trustworthy entity or a legitimate business in an electronic communication. This criminal mechanism employs both social engineering and technical subterfuge. It often starts with a spoofed email, which directs its recipients to a counterfeit website, where they are then asked to divulge personal information, such as social security data and bank account credentials. Believing they are releasing this information to a legitimate source, they comply, and their information is stolen.
Even more dangerous is “spear Phishing”, a targeted Phishing technique aimed at specific groups, such as employees or customers of a single organization. According to several sources, spear Phishing can be very effective.
Yet another type of spear fishing is “whaling”, which targets high-level executives in a single organization or executives common to other organizations. Executives such as CEOs, CIOs, and PMs can find themselves the targets.