Phishing is a type of cyberattack<\/a> in which a threat actor<\/a> “fishes” for potential victims by impersonating a trustworthy entity. The objective is to lure potential victims into revealing sensitive information, transferring funds, or completing some other action that will benefit the attacker.<\/p>\n Phishing scams<\/a> can be conducted through text messaging, comments in social media<\/a> posts, or phone calls \u2013 but email<\/a> is still the most cost-effective way for attackers to target potential victims with minimal effort. According to the United States Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks<\/a> begin with email phishing.<\/p>\n The term “phishing” is believed to have been coined in the late 1990s by a notorious spammer and hacker<\/a> who went by the AOHell Usenet<\/a> handle Khan C. Smith. The word choice was meant to convey the idea that if the attacker used the right bait and cast a wide enough net, they were bound to catch at least one fish (victim).<\/p>\n Early phishers required technical skills to carry out an attack. Today, criminals can purchase phishing kits<\/a> on the dark web<\/a> or team up with Phishing-as-a-Service<\/a> (PhaaS) partners who handle the technical side of phishing in exchange for a fee or share of the profits.<\/p>\n Criminals who conduct phishing campaigns typically impersonate legitimate organizations or trustworthy entities and make requests that allow the attacker to intercept sensitive information, benefit from a financial transaction, or gain access to a network<\/a>.<\/p>\n The biggest red flags that indicate an unsolicited email or text message is part of a phishing attack are that the urgent communication is unsolicited, the message’s content requests you to click on a link, and the sender’s email address looks somewhat legitimate but slightly off.<\/p>\n Here is an example of a phishing email.<\/p>\n Here are some examples of phishing text messages.<\/p>\n Types of phishing exploits include:<\/p>\n Chatbots<\/a> that use generative AI<\/a> have made it easier than ever for phishers to craft email communications that appear to be from a legitimate source.<\/div><\/div>\n Currently, the top targeted industries for phishing attacks include:<\/p>\n Here are four notable examples of successful phishing exploits<\/strong>:<\/p>\n Phishing uses social engineering<\/a> strategies designed to exploit people’s emotions and social values. While technical tactics are critical components, psychological manipulation is often the primary factor that determines an attack’s success.<\/p>\n Popular strategies include taking advantage of people’s trust in authority figures, their desire to be helpful, and their fear of missing out<\/a> (FOMO).<\/p>\n Technical tactics commonly used in phishing attacks include:<\/p>\n Artificial intelligence (AI) is making it easier for criminals to create realistic phishing content that is harder for humans or anti-phishing services<\/a> to detect. Attackers are using large language models<\/a> (LLMs) and generative AI prompts to:<\/p>\n To mitigate the risks<\/a> associated with phishing, individuals and organizations need to prioritize phishing awareness education<\/a>, implement robust email filtering, consider using anti-phishing cloud<\/a> services, and follow best practices for online safety<\/a>.<\/p>\n The following security precautions are recommended to prevent phishing attacks from being successful:<\/p>\n Anti-phishing software can help protect individuals and organizations from phishing attacks. This type of software is often bundled with anti-virus software. Key features and functions include:<\/p>\n Phishing, by definition, requires the attacker to cast a wide net in hopes of catching a few unsuspecting victims. To protect yourself from phishing attacks, it’s important to be aware of the tactics criminals use in this type of attack. Common features of phishing emails include unexpected requests for sensitive information and urgent calls to action.<\/p>\n![\"What](\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2011\/08\/What-is-Phishing-Attack-300x189.jpg\")
<\/p>\nKey Takeaways\u00a0<\/span><\/h2>\n
\n
History of Phishing<\/span><\/h2>\n
How Phishing Works: Phishing Attack Indicators<\/span><\/h2>\n
![\"Phishing](\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2011\/08\/Phishing-Email-Example-300x294.jpg\")
<\/p>\n![\"Phishing](\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2011\/08\/Phishing-Text-Messages-Examples-291x300.jpg\")
<\/p>\nTypes of Phishing Exploits<\/span><\/h2>\n
![\"9](\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2011\/08\/9-Different-Types-of-Phishing-300x252.jpg\")
Phishing exploits can easily be adapted to meet the needs of different types of attack objectives. Phishers can either cast a broad net hoping to catch a few victims \u2013 or a narrow net designed to catch a specific victim. It’s this versatility that is so appealing to criminals and so frustrating for law enforcement.<\/p>\nMost Targeted Industries for Phishing Attacks<\/span><\/h2>\n
\n
Phishing Examples<\/span><\/h2>\n
Psychological Strategies Used in Phishing<\/span><\/h2>\n
Technical Techniques Used in Phishing<\/span><\/h2>\n
Phishing and AI<\/h3>\n
\n
10 Ways to Prevent Phishing Attacks<\/span><\/h2>\n
![\"10](\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2011\/08\/10-Tips-to-Protect-Yourself-Against-Phishing-208x300.jpg\")
<\/p>\n\n
Anti-Phishing Software<\/span><\/h2>\n
\n
The Bottom Line<\/span><\/h2>\n
FAQs<\/span><\/h2>\n
What is phishing in simple words?<\/h3> <\/div>\n