Phishing attempts
Phishing is a type of social engineering attempts where an external attacker attempts to obtain important information from another person by posing as a trustworthy source. This is usually done by using electronic media. Common modes of phishing attempts are emails, text messages, and social media messaging.
How does phishing work?
Usually, phishing works by breaching the trust of another individual. Phishing emails might look like emails from a company on which the user trusts, but is actually from an outside user who is not associated with the said company by any way (Butavicius et al., 2016). Phishing emails usually mention a false incident and use that incident to gain information from the receiver. The receiver is provided with a list of details that he/she needs to provide, and is usually given a contact number or email address on which they have to send the desired information.
The information asked in phishing emails are often the type of information which is required to keep confidential. Since these details are difficult to obtain otherwise., the attacker attempts to get these through phishing. Several people have fallen victim to phishing attempts and in turn have revealed their information in phishing attempts, due to which they have lost their funds or compromised their data to others. Usually, the attackers use the electronic medium as it is difficult to trace back. Phishing attempts typically ask the victims to reveal that information which would benefit the senders somehow, either financially or by giving them access to someone’s data (Vincent, 2019). Don't use plagiarised sources.Get your custom essay just from $11/page
An example of a phishing email received by me
I have received a phishing email on September 2019, which had stated that I had won a lottery for three million dollars. The lottery had been conducted by HSBC international bank, which is a huge bank around the globe. The email said that all the winners of the lottery have to claim their prize within forty-eight hours, and will have to provide the following details:
- Name
- Address
- Email ID
- Mobile phone number
- Bank account number
- Government identification proof (like driving license)
The email also had a fake congratulatory message from the Chief Executive Officer of HSBC corporation Noel Quinn. I immediately deleted the email and blocked that particular sender from my email ID to avoid receiving a similar type of mails in the future.
What type of email was this?
This email is the type which extracts information from the user by announcing a piece of good news. The email is set up in such a way that the receiver is bound to believe such a story (Patel et al., 2019). To further prove its authenticity, they also attach a message which is falsely addressed by some higher authority. This will instil a feeling of confidence in the minds of the victims.
In the above example, the primarily intended details are the bank account number and contact credentials. If the receiver wishes to reveal this information, it can endanger their private data. The bank details demanded here can enable the attacker to siphon off funds from the bank account of the victim.
References:
Butavicius, M., Parsons, K., Pattinson, M., & McCormac, A. (2016). Breaching the human firewall: Social engineering in phishing and spear-phishing emails. arXiv preprint arXiv:1606.00887.
Patel, P., Sarno, D. M., Lewis, J. E., Shoss, M., Neider, M. B., & Bohil, C. J. (2019). Perceptual representation of spam and phishing emails. Applied Cognitive Psychology, 33(6), 1296-1304.
Vincent, A. (2019). Don’t feed the phish: how to avoid phishing attacks. Network Security, 2019(2), 11-14.