Phishing is a confidence trick that involves a scammer sending communications to people in order to deceive them and gain sensitive information from them.
In the modern age, phishing communications are mostly digital, with the majority of them being email messages.
Phishing can be aimed at large numbers of people at once, or it can target specific individuals and organizations.
How Does Phishing Trick Victims?
Scammers send messages (phishing attempts) that appear trustworthy, or at least they try to make them look trustworthy. These phishing messages are made to look like communications (mostly emails) that people are expecting, like a message from a bank or utility company.
The phishing message can ask people to reply with information such as bank account information. Some people might think it normal to email their bank personal information the bank already has.
A phishing email can also be used to get an individual to download malicious software (malware) such as ransomware. Instead of asking for information, the email will ask the recipient to click on a link. This link will then download software onto the victim's computer that will eventually be used to extort money from them.
This link can also send victims to a fake website that looks exactly like a website they frequent.
A phishing victim will get an email that directs them to log in to an account, such as a bank account, using a link provided in the email. This link will send the victim to a website that looks exactly like the website that the victim uses for banking. All the information the victim enters on the fake website will then be recorded by the scammers.
Forms of Phishing Communication
How Do Phishing Scammers Get My Contact Information?
Phishing is done en masse, with generic messages sent to a large number of people, or it can target specific people.
Contact information for mass phishing scams, like the Nigerian Prince Scam, is collected with scraping programs. These programs crawl the World Wide Web to detect and collect contact information. Contact information can be found on social media pages and in classified ads, to name a few sources.
For targeted phishing, the method of gathering contact information is obvious: a scammer focuses their energy on a specific individual and finds that person's contact information by searching online.
This is called Spear Phishing.
A common phishing trick used on targeted individuals is the fake invoice scam. A scammer will send a fake invoice to the employee at a company who is responsible for paying invoices. The fake invoice will look like one the employee is expecting.
About the Author
Peter Sandru is an Instructor & Co-Founder of NDIL with over 15 years as a Professional Investigator. Peter has spent more than a decade conducting investigations and security operations throughout the world, primarily for corporations, law firms, and government agencies. Peter has assisted in the creation of numerous investigative & security training programs in various capacities.