What is phishing?
The term phishing is derived from “fishing” and describes a scam on the Internet in which the victim’s personal data is “fished” and misused for criminal purposes. Typically, the victims receive a message via an electronic communication medium (e.g. an email) that abuses their trust. They then unknowingly reveal access data to other people. Phishing always pursues malicious intentions: the victims are meant to suffer personal or financial damage, ranging from loss of trust and defamation to economic ruin. At the same time, the attacks focus on the personal enrichment of the cybercriminals.
When it comes to phishing, cybercriminals rely on different approaches. The typical approach is to send an email that guides the victims to a website with a fake login page. Here, the victims’ personal data is “phished” and then misused. In this method, many cybercriminals rely on psychological manipulation in the form of social engineering. The victims’ emotions, for example curiosity, fear or pressure, are exploited to manipulate them into acting. Under the pretense that quick action is necessary, the criminals induce their victims to carelessly and thoughtlessly disclose password or account information.
However, phishing emails that download malware onto the victims’ computers after a simple click on a link are also increasingly common. Once these programs have been executed, they spy on data without the victims’ knowledge (spyware) or even encrypt data so the criminals can demand a ransom (ransomware). In this case, too, social engineering plays a role, because criminals can reach their goal more easily by manipulating human emotions.