> What Is Phishing

Phishing in the digital world is similar to fishing in the general public’s understanding, and it is very simple: The Phisher casts a bait, and waits to see who will bite. And just like fishing can cost a fish its life, Phishing can very well cost you your lifelong earnings or reputation or sometimes even more.

Spear Phishing is basically the same as phishing, except the target is different. While phishing is something targeted at an entire population, much like casting a net and waiting to see what fish is going to get tangled, spear Phishing is targeting one specific individual.

If a specific person in accounting receives an email that appears to be from their supervisor, that mentions them by name, that is probably spear Phishing.

“Whaling” is another term you may come across, and it is about the same crime, but targeting the highest-ranking officials and CEOs.

> How Is It Conducted

Just like any other crime, there are countless ways to conduct Phishing. But the most common attack vector is email. One that essentially tries to make you trust it, and instructs you to take some action that the attacker is waiting for. You might, for example, receive an email that says “This is your bank, your account has been locked for the suspicion of fraudulent activity; please log in to confirm your identity and approve or revoke the transactions that were made in your name”.

At first sight, one could just click the link provided and land on a page identical in design to that of the bank; one that asks for a username and a password. If you submit your credentials to that page they will be sent not to the bank, but to the person who set up that scam and they will then have complete access to your bank account as if they were you.

> What Could Happen

The Phishers could shop Amazon with your money, naturally, but they can also do more sinister things. They may request a new bank card with your name on it, but have it delivered to a mailbox they have access to, and use it at the time and place of a crime, placing you on scene and leaving you with the burden of proving your innocence and dealing with all the legal, financial and psychological strain that comes with such an experience.

The attacker, and depending on their purpose behind the attack, may just impersonate you to conduct crime or sell your information on the dark web to whoever may want to pay for it. A victim can lose much more than money if they fall to a scheme of this kind.

More recently, Phishing is being a successful attack vector to deliver ransomware, malicious codes that will encrypt all information on a computer and demand ransom in exchange of a “key” to reverse the encryption. Imagine a city that loses the information of their taxpayers or a hospital where doctors cannot access the medical history and information of the patients laying on their operating tables!

> Why So Dangerous

The high danger of such schemes is that the untrained eye could never tell the difference between a true warning email from the bank and a Phishing email. If you decide not to trust the emails you could miss something important and if you trust the email you may be jeopardizing too much.

Read my posts about Phishing, I have further advice on how to understand and protect yourself from this rather new attack method and please feel free to reach out and discuss all your questions!