Phishing is the fraudulent use of electronic communications to deceive users and gain illegal access to their sensitive or confidential information such as usernames, passwords, credit card information, network credentials and more. Attackers usually masquerade as a reputable entity or person in emails, voice calls or SMS. Also, malware in form of links is sometimes attached, and if it is eventually clicked, the victim's system will be infected with a virus.
There are various types of phishing attacks which include:
- spear phishing attacks: exclusively targeted at a high-profile individual within an organisation. The attacks usually employ gathered information of the potential victim, such as name, location and other personal information in an email or SMS sent to the potential victim
- whaling attacks: just like spear phishing attack, is targeted at a group of executives within an organisation with the sole aim of impersonating one of the executives to convince a board member to give out sensitive information or send fund to the deceptive attacker
- pharming: known as a type of phishing attack that uses DNS cache poisoning to redirect users from a legitimate site to a fraudulent one
- voice phishing: just as the name implies, occurs over voice-based media, including voice over IP (VoIP) or plain old telephone service (POTS).
To protect yourself from phishing attacks, additional layers of protection must be added to assist the traditional email spam filters. Security experts recommend the service of:
- antivirus software
- desktop and network firewalls
- antiphishing toolbar installed in web browsers
- antispyware software
- gateway email filter
- web security gateway
- phishing filters from vendors such as Microsoft.
Enterprise mail servers are advised to make use of at least one email authentication standard in order to confirm inbound emails are verifiable.