Phishing

Phishing is a widespread cyberattack used by criminals to steal personal information.

Jun 25, 2025

The term “phishing” refers to attempts to obtain confidential data or information through fake websites, e-mails or instant messages. Phishing is a portmanteau of the words “password” and “fishing”.

The attackers pretend to be trustworthy communication partners and often use fake identities to trick the victims into performing certain actions (social engineering).

For example, users may receive an e-mail that appears to come from their bank, containing a link and a request to log in so that they can continue using the online service. The link in the e-mail then leads the user to a perfectly simulated copy of the bank’s real website. The attackers intercept the data entered in the login form and use it to plunder the user’s account.

The same principle applies to phishing attempts via phone or text message (SMS, instant messaging). The aim is always to trick a potential victim into doing something that is harmful to them. This may involve disclosing confidential data, entering access credentials such as usernames and passwords, or even handing over the second factor in two-factor authentication.

Until a few years ago, phishing e-mails were full of spelling and grammatical errors, but these days such errors are the exception rather than the rule. Unfortunately, the writing style of phishing e-mails has also improved with the help of AI, which is why they are becoming increasingly difficult to recognize.

The top priority is still to never click on a link in an e-mail or text message, even if it is from your bank, a parcel delivery service or your favorite online store. It is better to access the site manually via your browser.

For more information on the topic of phishing, read our blog article.