What is phishing? Definition and examples
Phishing is the fraudulent practice of sending emails that pretend to come from a genuine or reputable company and ask the reader to disclose personal information. That information may include, for example, usernames, passwords, and credit card data. The aim of the person who is phishing is usually to steal money from people, companies, and other organizations.
Phishing may also involve sending malicious attachments or links by email which can extract sensitive information from victims’ computers. If victims click on the attachment or link, the cyber criminal may get access to their account information, login details, and other confidential data.
The link in the email may take the victim, if they click on it, to a replica of an authoritative website. However, it is a fake site.
It is easier to trick people into clicking on malicious attachments or links in emails that appear legitimate than it is to hack into computer systems. Hence, phishing has become increasingly popular with online fraudsters.
To phish – phisher
The verb to phish means to try to obtain confidential information fraudulently from people via email, text, or phone. To phish also means to make somebody a victim (of phishing).
Phishing is a type of scam. We refer to the person who does it as a phisher, swindler, cyber criminal, trickster, or scammer.
Etymology of phishing
Etymology is the study of where words come from, i.e., their origin, as well as how their meanings have evolved.
According to etymonline.com, the term phishing emerged in the English language at the turn of the century (perhaps as early as 1995). It is an alteration of fishing, e.g., fishing around for information.
There are two theories regarding its origin:
- The term may come from phone phreaking: a phone phreak was somebody who electronically defrauded or hacked telephone companies in the early 1970s.
- The US rock band Phish, which was active from 1983 to 2000 and then intermittently until the present, may have inspired somebody to invent the term.
Wikipedia has the following definition of the term:
“Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.”
“Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.”
Protect your company against phishing
There are various measures you can take to protect yourself, your employees, and your company from this type of cybercrime:
- Organize training sessions, preferably with mock scenarios, for company employees.
- Install a state-of-the-art spam filter.
- Update all computer systems regularly. Make sure all the latest security patches are in the system.
- Install a good anti-virus software program and web filter.
- Have regular signature updates.
- Make sure all passwords are robust and have an expiration date.
- Have all employees who are working remotely use encryption.
These measures come under the umbrella term Cyber Security.
A serious global problem
Phishing is a rapidly growing global problem. Let’s look at some corporate statistics for 2019 (source: retruster.com):
- A typical data breach costs approximately $3.86 million.
- Ninety percent of data breaches are the result of phishing.
- People who have been phished successfully will become a target again at least once within twelve months.
- This type of cybercrime caused $12 billion in total losses.
- From 2018 to 2019, phishing attempts have increased by 65%.
- Each month, 1.5 million new phishing websites appear.
- Over the past 12 months, 76% of companies have said they were victims of this type of attack.
- One third of targeted users open phishing messages.