What is Phishing?

Phishing is a form of social engineering that tricks people into revealing their passwords or valuable information. Phishing attacks can be in the form of emails, text messages, and phone calls.

Usually, these attacks pose as popular services and companies that people recognize easily.

When users click a phishing link in the body of an email, they are sent to a lookalike version of a site they trust. They are asked for their login credentials at this point in the phishing scam. Once they enter their information on the fake website, the attacker has what they need to access their real account.

Phishing attacks can result in stolen personal information, financial information, or health information. Once the attacker gets access to one account, they either sell the access to the account or use that information to hack other accounts of the victim.

Once the account is sold, someone who knows how to profit from the account will buy the account credentials from the dark web, and capitalize on the stolen data.

Here is a visualization to help you understand the steps in a phishing attack: