Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising a message as an official, trustworthy electronic communication. It is typically carried out by e-mail spoofing, as well as via SMS (“smishing”), instant messaging, and text messaging. A phishing message includes a hyperlink (or another method) to direct a victim to enter personal information at a fake website which has been designed to look like the official site.
Phishing is an example of the social engineering techniques used to deceive users. Users are lured by communications purporting to be from trusted parties such as social websites, auction sites, banks, colleagues/executives, online payment processors or IT administrators.
A phishing attempt always involves the victim receiving an e-mail (or other electronic communication) and can usually be identified by the following:
- includes a link to click on
- includes an attempt to create a sense of urgency: “You have one week to update your banking details before you are locked out of your account”.
- often contains grammar and spelling errors
- is not personalised and contains little or none of your information
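
The indicators listed above can be turned into a first-pass triage check for reported mail. The Python sketch below is an added example, not part of the original page; the function name, the phrase lists and the two sample messages are constructed assumptions, and the spelling/grammar indicator is left out because it needs a dictionary.

```python
import re
from email import message_from_string
from email.policy import default

# Assumed phrase lists (not from the page); tune them against your own mail.
URGENCY = re.compile(
    r"\b(urgent(ly)?|immediately|locked out|suspended|"
    r"(within|you have) (\d+|one|two|three) (hours?|days?|weeks?))\b", re.I)
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(customer|user|member|client|sir|madam)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def phishing_indicators(raw_email, recipient_name):
    """Return which of the listed indicators appear in one RFC 5322 message."""
    msg = message_from_string(raw_email, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part else ""
    found = set()
    if URL.search(text):
        found.add("link")
    if URGENCY.search(text):
        found.add("urgency")
    # Generic salutation, or the recipient's name never appears in the body.
    if GENERIC_GREETING.search(text) or recipient_name.lower() not in text.lower():
        found.add("not_personalised")
    return found

# Constructed sample messages (example.* domains), not real mail.
PHISH = """\
From: Security Team <security@bank.example>
To: alice@example.org
Subject: Update your details

Dear customer,

You have one week to update your banking details before you are locked out.
Click here: http://bank.example/update
"""
BENIGN = """\
From: Bob <bob@example.org>
To: alice@example.org
Subject: Lunch

Hi Alice Example,

Are you free for lunch on Thursday?
"""

if __name__ == "__main__":
    print(sorted(phishing_indicators(PHISH, "Alice Example")))
    print(sorted(phishing_indicators(BENIGN, "Alice Example")))
```

The returned set is a prompt for closer inspection rather than a verdict, since legitimate mail can also contain links or deadlines.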