Phishing is a type of attack on personal data that comes in the form of a fake email or website made to look as though it comes from a reputable site, when it does not.
A user might, for instance, get an email that has all of the themes and imagery of a typical message from Facebook, except this email will tell the user they need to reset their password and will offer that user a login prompt to do so.
The user clicks on the prompt, is directed to a fake webpage that looks like Facebook, and enters their login and password. Just like that, the phishing attack has succeeded.
Phishing works because it plays on people’s trust. Facebook is a good example of this. In recent years, the ubiquitous social media platform has become a very popular tool for phishers, who exploit both Facebook’s popularity and, ironically enough, people’s fears of losing their personal data. They steal that data by sending bogus password reset requests that purport to come from Facebook, but do not.
Of course, Facebook-themed emails are not the only form of phishing. Attackers send similar messages that imitate the format of messages from major banks and credit card companies in an attempt to get access to people’s financial data and online accounts. Whatever web service is in question, the goal of phishing attacks is always the same: to exploit users’ trust in well-known institutions to get their usernames, emails, passwords, or PINs.
There are several ways to avoid phishing attacks. The common theme in each is to be highly suspicious of any online request for your personal information.
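One way to apply that suspicion to the Facebook password-reset email described above, as an added example that is not part of the original article: the check below lists every link in a message that does not lead to the brand the message claims to come from. The trusted-domain list, the function names and the sample email (which uses reserved `.example` hosts) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the impersonated brand really uses for sign-in.
TRUSTED = {"Facebook": ("facebook.com",)}

# Constructed sample email body; every non-Facebook host is a reserved .example name.
SAMPLE_EMAIL = """
<p>Facebook Security: your password must be reset.</p>
<a href="https://facebook.com.account-reset.example/login">Reset your password</a>
<a href="https://fb-secure.example/recover">https://www.facebook.com/recover</a>
<a href="https://www.facebook.com/help">Help Center</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_trusted(host, domains):
    # Match the domain itself or a true subdomain; "facebook.com.x.example"
    # and "notfacebook.com" must both fail.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(html, brand):
    """Return (visible text, real host) for links that do not go to `brand` over HTTPS."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if parts.scheme != "https" or not host_is_trusted(host, TRUSTED[brand]):
            flagged.append((text, host))
    return flagged
```

On the sample, the "Reset your password" link and the link whose visible text shows a facebook.com address are both flagged, because what a link displays and where it leads are independent.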