Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising a message as an official, trustworthy electronic communication. Phishing is typically carried out by e-mail spoofing, as well as via SMS (“smishing”), instant messaging, and text messaging. A phishing message includes a hyperlink (or another method) to direct a victim to enter personal information at a fake website which has been designed to look like the official site.
Phishing is an example of a social engineering technique used to deceive users. Users are lured by communications claiming or pretending to be from trusted parties such as social websites, auction sites, banks, colleagues/executives, online payment processors or IT administrators.
A phishing attempt always involves the victim receiving an e-mail (or other electronic communication) and can usually be identified by the following:
- includes a hyperlink to click on
- includes an attempt to create a sense of urgency: “You have one week to update your banking details before you are locked out of your account”.
- often contains grammar and spelling errors
- is not personalised & contains little or none of your information
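
Several of these signs can be checked automatically by a mail filter or a reporting tool. The Python sketch below is an added example, not part of the original page: the sample message, the phrase lists and the function name `indicators` are assumptions, and the spelling check is left out because it needs a dictionary.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample message (not a real e-mail); names and domains are made up.
SAMPLE = """\
From: "Your Bank" <support@bank.example>
To: alex.smith@mail.example
Subject: Urgent: update your details
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<p>You have one week to update your banking details before you are
locked out of your account.</p>
<p><a href="http://login.bank-update.example/verify">Click here</a></p>
"""

# Assumed phrase lists; tune them for your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediately|locked out|suspended|"
                     r"you have (one|\d+) (day|week|hour)s?)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|member|client|sir|madam)\b", re.I)

class _Page(HTMLParser):
    """Collects link targets and visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

    def handle_data(self, data):
        self.text.append(data)

def indicators(raw, recipient_name):
    """Return which of the listed warning signs appear in a raw e-mail."""
    msg = message_from_string(raw)
    page = _Page()
    page.feed(msg.get_payload())  # single-part message assumed
    # Subject plus visible body text, with whitespace collapsed.
    text = msg.get("Subject", "") + " " + " ".join(" ".join(page.text).split())
    return {
        "hyperlink": bool(page.links),
        "urgency": bool(URGENCY.search(text)),
        "not_personalised": bool(GENERIC.search(text))
                            or recipient_name.lower() not in text.lower(),
    }
```

A message that triggers all three signs deserves a closer look, but none of them proves phishing on its own: legitimate newsletters also contain links and generic greetings.
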
Do not confuse phishing with pharming:

| Phishing | Pharming |
|---|---|
| E-mail (or SMS etc.) with link to a fake website | Fake website |
| Very easy to create & send electronic messages & create a fake website | Very difficult to hack DNS servers to redirect traffic to the fake site |

Aim: to obtain your login credentials so that the criminal can log in to your REAL account and commit fraud.