Phishing


Phishing is the term for deceiving the receiver of an email into believing that it is genuine and that its content should be acted upon.

Typically, it involves a criminal mass-mailing a list of targets with a view to getting the target to click on a link, where the linked website may infect the visitor with malware or collect the visitor's credentials for an account (which may be a bank, email or other service account).

There may be some attempts at making the message seem like it was from the legitimate sender.

Other Definitions

National Cyber Security Centre (NCSC):

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

SANS:

The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank the user is doing business with.

Wikipedia:

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card numbers, or other sensitive details by impersonating oneself as a trustworthy entity in a digital communication. Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. As of 2020, phishing is by far the most common attack performed by cyber-criminals, with the FBI's Internet Crime Complaint Centre recording over twice as many incidents of phishing than any other type of computer crime.

The first recorded use of the term "phishing" was in the cracking toolkit AOHell created by Koceilah Rekouche in 1995, however it is possible that the term was used before this in a print edition of the hacker magazine 2600. The word is a leetspeak variant of fishing (ph is a common replacement for f), probably influenced by phreaking, and alludes to the use of increasingly sophisticated lures to "fish" for users' sensitive information.

Attempts to prevent or mitigate the impact of phishing incidents include legislation, user training, public awareness, and technical security measures.

