What Is Phishing and How Does It Work?

Photo of author

By Admin Desk

Research is showing that phishing is costing businesses across the world millions of dollars per year. So, how do you protect yourself from becoming a victim? In this article, we will discuss what phishing is and how to avoid getting phished.

What is phishing?

So, phishing is an attempt to acquire sensitive information or to deliver some type of malicious program onto an unsuspecting user’s computer via electronic means. This type of attack may come not just from emails, however also from social websites, regular websites or you can even be phished through a USB key or external hard drive.

Phishing is basically somebody tricking you into clicking something or doing something they want you to do. Typically so that you will release sensitive information or you’re going to have some type of malicious program inserted into your computer.

What is spear phishing?

Spearphishing is a little different from phishing, in the sense that it’s targeted to specific individuals. A spear-phishing attack typically has a person behind it, who is usually a social engineer who has done reconnaissance or has done their homework on the person that they’re trying to phish.

This means that they know a lot about this person and therefore they’re able to send out a more targeted and more well-crafted email that has personal information and so the person receiving it can be misled into believing that the sender is a trustworthy entity or is the person who is actually the victim and that the email supposedly is coming from instead of the phishing perpetrator.

Typical spearphishing victims

You are at risk of becoming a victim of spearphishing if you are in charge of bank accounts at your company, or you work in the accounting department if you’re the owner of a company or perhaps you have access to intellectual property or patent secrets. If in doubt, always check with your IT department or IT security consultants.

If you’re a public figure such as a politician, or a celebrity, a CEO of a large multinational corporation, you will get very targeted spearphishing attempts, because there’s a lot of information out there about you, and you’re at risk simply because of your worldwide recognition.

Different attack types

25% of phishing attacks are when the attackers masquerade as financial institutions, banks credit card suppliers, etc. We have online stores, any auctions such as eBay or Amazon. We’ve all seen those emails that we get; your eBay account is about to be closed, you need to login, blah blah they are typically phishing attacks created to steal your login credentials.

There is a further 25% of phishing attacks that come in the form of social media sites. A lot of people post links on Facebook and other sites, where the links can lead to malicious websites where you can have your computer infected or into fake sites where they could try to steal your credentials.

For example, you may think you are visiting the website of your real bank, yet you actually go to a phishing website that’s made to look exactly like your bank’s real website. You could get emails coming from your help desk stating that there’s a problem in the network and you need to click on a link so that helpdesk can fix your problem.

Read Also: Best windows spy app for your PC

What you need to download a program to fix, etc. The best thing to do is to not click on it, instead just pick up the phone and call the helpdesk and find out if that email really came from them.

If you have a virus that’s in your computer it could skew your search results and rather than leading you into the correct websites it might lead you to some fake websites, where the perpetrators then try to steal your credentials.

Some viruses can also inject additional fields into web code, for example, if you go to your real banking website and to login you place you have to enter your username and password however you might get an additional field that you’ve never seen before and it’s asking you for the last four digits of your credit card.


2020 is a great time for malicious attackers to start sending out emails with hyperlinks to fake websites in the hopes that users will enter their credentials into these fake websites and then expose those credentials to the person that’s trying to access your bank account or your credit card or what have you.

Always be alert for emails or texts that look realistic, however, may be fake. Don’t hesitate to go to a web browser and type in the link address yourself, or indeed call the reported sender, to confirm the email is real.

If you suspect that you’ve been fished obviously you want to change your passwords, monitor your credit card and bank information, and maybe contact a consultant that does consultations on this type of scams. If you work in a company and you feel that your computer has been compromised or that you’ve been fished please contact your IT manager.