Phishing is one of the most tech-savvy social engineering attacks. Often, phishing is done to steal user data such as credit card numbers and login credentials. Attackers pose as legitimate individuals or institutions via email or phone to manipulate their victims into undertaking specific tasks on their behalf. These tasks may include clicking on suspicious attachments and links or willfully divulging sensitive information.
Phishing attacks target both individuals and businesses because almost every kind of organizational or personal data is valuable. Those behind phishing attacks have different motivations, from accessing an organization’s network to committing fraud. In recent years, there has been a spate of phishing scams that target organizational or personal data to back up government-backed spying or espionage efforts. Phishing is a social engineering technique because these scams depend on human fallibility instead of a software or hardware flaw.
Internet records state that the term “phishing” got used for the first time in January 1996 when a Usenet newsgroup referred to as AOHell raised concerns about the rise of scams on America Online (AOL). This is why AOL has been faulted for being the genesis of phishing attacks. The term “phishing” is said to have evolved from “fishing” since both activities entail attempting to bail a potential victim into a trap.
The first recorded phishing attacks involved individuals pretending to be AOL employees asking uses to confirm their billing addresses with the company. At that time, companies didn’t have the tight cyber-security measures that we have today. Eventually, AOL had to inform its clients that it wasn’t asking them to provide any information whatsoever. Nonetheless, the seeds of phishing had already gotten sown.
The success of the early perpetrators of phishing attacks is regarded as a significant moment as far as the history of cyber-attacks is concerned. Even so, phishing would still have emerged as a significant hacking practice in one way or another. This is because it relies more on human error without requiring in-depth networking or programming expertise. Phishing involves the manipulation of human psychology and leveraging a lack of online security awareness.
The Evolution of Attacks
An evaluation of what is phishing will be incomplete if you fail to look at the evolution of phishing attacks. In many ways, there hasn’t been a change in the methodology of phishing attacks since they were first reported. Phishers have diversified their activities, with most of them focusing on online payment systems. This is attested to by a spate of incidents in 2013 whereby phishers registered tens of domains the mimicked prominent payment websites such as PayPal and eBay.
Email worm programs were used to send spoofed emails to customers, who were tricked into illicitly providing their credit card information and other personal details. Since then, other sophisticated phishing methods have been developed and used to target individuals and companies.
Phishing for Political Gains
While reading about what is phishing, you will come across incidents where this activity has been used for political gain. For instance, during the 2016 Presidential Election in the US, incidents of spear-phishing were reported. This form of phishing entails targeting a specific organization or individual rather than the general population.
Unlike in typical phishing incidents, the end-game of such an attack isn’t to gain confidential personal information, but to damage an individual’s character. Likewise, phishers who perpetrate their act for political gain do so to spread malware or fake news.
A lot needs to be done to prevent phishing attacks. As long as Internet users keep clicking on suspicious links or opening attachments whose source they don’t know, phishers will continue having a field day. Every phishing attempt expects a quick reaction.
Therefore, if you get tempted into doing something online without hesitation, do the opposite. Take time to double-check the links/attachments sent to you so that you ascertain their source. Knowing what is phishing and the techniques used by phishers will go a long way in helping you secure your data.
There are lots of cyber-criminals who are after your personal information. Undoubtedly, you don’t have the knowledge or tools to prevent phishers from stealing your information. That’s where NuEduSEC comes in. Our cloud-based cyber-security platform provides you with the utmost protection and trouble-free Internet experience. We keep you safe online irrespective of the network that you are using.