What is Phishing?

Phishing is the act of sending an email while pretending to be someone you’re not, in an attempt to get the recipient to reveal account credentials.

For example:

The user may receive an email that looks like it came from PayPal advising that their account may be compromised.  The email would ask them to click a link to verify their settings and/or reset their password.  Clicking the link brings them to a website that looks like PayPal’s site but is actually a clone of PayPal’s website.

The user is none the wiser and enters their username and password, thus sending their PayPal credentials to the attacker.

There are variations of phishing that include:

Vishing – using the phone to gain access to the victim’s account (e.g., pretending to be from tech support to get the victim’s credentials).
Smishing – using SMS (text message) to gain access to a victim’s account.
Spear Phishing – targeting a specific individual or organization with a phishing attack.