Summary
Highlights
Phishing is a common online scam where attackers send fake emails, often disguised as legitimate organizations like banks, to trick users into revealing personal information or login credentials. They create convincing fake websites that mimic real ones to steal data when users click malicious links and enter their information.
While some phishing emails are obviously fake (like the 'Nigerian prince' scam), these less sophisticated attempts create a false sense of security. This makes users less likely to identify more sophisticated and well-executed phishing attacks. A 2015 study showed that 97% of people couldn't identify advanced phishing emails.
Spear phishing refers to highly targeted attacks. Scammers use information gathered from social media or public online records to personalize emails, making them seem more legitimate and specific to the individual. This increases the likelihood of success. A review of over half a million inboxes found that 77% of spear phishing attacks targeted 10 people or fewer, with 33% targeting just one person.
An example of spear phishing involves an email from a 'colleague' on holiday in Mexico who claims to have lost their phone, wallet, and passport, asking for money through a link. The scammer obtains the holiday information from social media and then Googles the colleague's workplace to find the target's email address, creating a believable but fake scenario.
To stay safe, always verify the sender of an email. Never click on links in suspicious emails; instead, navigate to the official website independently. If unsure, contact the company directly using a legitimate phone number. If you must click a link, triple-check the URL to ensure it matches the legitimate website, as merely seeing a padlock icon is not sufficient.