What is phishing? Definition and examples
Phishing is the fraudulent practice of sending emails that pretend to come from a genuine or reputable company and ask the reader to disclose personal information. The personal information may include, for example, usernames, passwords, and credit card data. The aim of the individual who is phishing is usually to steal money from people, companies, and other organizations.
Phishing may also involve sending malicious attachments or links by email which can extract sensitive information from victims’ computers. If victims click on the attachment or link, the cyber criminal may get access to their account information, login details, and other confidential data.
The link in the email may take the victim, if they click on it, to a replica of an authoritative website. However, it is a fake site.
It is easier to trick people into clicking on malicious attachments or links in emails that appear legitimate than it is to hack into computer systems. Hence, phishing has become increasingly popular with online fraudsters.
In recent years, phishing tactics have evolved to include sophisticated social engineering methods, where attackers manipulate victims into divulging confidential information under the guise of routine security checks or urgent requests for information.
To phish – phisher
The verb to phish means to try to obtain confidential information fraudulently from people via email, text, or phone. To phish also means to make somebody a victim (of phishing).
Phishing is a type of scam. We refer to the person who does it as a phisher, swindler, cyber criminal, trickster, or scammer.
Etymology of phishing
Etymology is the study of where words come from, i.e., their origin, as well as how their meanings have evolved.
According to etymonline.com, the term phishing emerged in the English language at the turn of the century (perhaps as early as 1995). It is an alteration of fishing, e.g., fishing around for information.
There are two theories regarding its origin:
- A phone phreak was somebody who electronically defrauded or hacked telephone companies in the early 1970s.
- The US rock band Phish, which was active from 1983 to 2000, and then intermittently until the present, may have inspired somebody to invent the term.
Wikipedia has the following definition of the term:
“Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.”
“Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.”
Protect your company against phishing
There are various measures you can take to protect yourself, your employees, and your company from this type of cybercrime:
- Organize training sessions, preferably with mock scenarios, for company employees.
- Install a state-of-the-art spam filter.
- Update all computer systems regularly. Make sure all the latest security patches are in the system.
- Install a good anti-virus software program and web filter.
- Have regular signature updates.
- Make sure all passwords are robust and have an expiration date.
- Have all employees who are working remotely use encryption.
These measures come under the umbrella term Cyber Security.
A serious global problem
Phishing is a rapidly growing global problem. Let’s look at some corporate statistics for 2019 (source: retruster.com):
- A typical data breach costs approximately $3.86 million.
- Ninety percent of data breaches are the result of phishing.
- People who have been phished successfully will become a target again at least once within twelve months.
- This type of cybercrime caused $12 billion in total losses.
- From 2018 to 2019, phishing attempts increased by 65%.
- Each month, 1.5 million new phishing websites appear.
- Over the past 12 months, 76% of companies have said they were victims of this type of attack.
- One third of targeted users open phishing messages.
Beyond financial loss, victims of phishing may also suffer from identity theft, where their personal information is used to commit further fraud.
Phishing – vocabulary and concepts
From the English root word “phishing,” there are many derivative words, compound nouns, and compound phrases. Let’s have a look at some of them, their meanings, and how we use them in a sentence:
- Phish (verb)
  To attempt to acquire sensitive information by masquerading as a trustworthy entity in electronic communication.
  Example: “Cybercriminals phish by sending emails that look like they’re from your bank.”
- Phisher (noun)
  A person who engages in phishing.
  Example: “The phisher was caught when he attempted to steal login credentials.”
- Phishing attack (noun phrase)
  An attempt to steal personal information or infect computers with malware via phishing techniques.
  Example: “The company’s email system was targeted by a sophisticated phishing attack.”
- Phishing scam (noun phrase)
  A fraudulent scheme carried out through phishing.
  Example: “She almost fell for a phishing scam pretending to be a message from her internet service provider.”
- Anti-phishing (adjective)
  Pertaining to measures or actions taken to prevent or combat phishing.
  Example: “He installed an anti-phishing toolbar on his browser for added security.”
- Phishing expedition (noun phrase)
  An attempt to phish information from many people, hoping some will provide the information.
  Example: “The cybercriminals went on a phishing expedition, sending thousands of fraudulent emails.”
- Phishing filter (noun phrase)
  Software designed to identify and block phishing content.
  Example: “The new update for the web browser includes an improved phishing filter.”
Three Educational Videos
These three interesting YouTube videos come from our sister channel, Marketing Business Network (MBN). They explain what the terms “Phishing,” “Catfishing,” and “Cybersecurity” mean using easy-to-understand language and examples:
- What is Phishing?
- What is Catfishing?
- What is Cyber Security (a.k.a. Cybersecurity)