What is phishing?

Phishing (or a phishing attack) is the act of attempting to gain information such as credit card details, user names, passwords, and other personal data, as well as items, including money by impersonating a recognizable and/or trustworthy source in an electronic communication. Phishing email messages, websites, and phone calls are designed to steal money by installing malicious software onto a computer or gaining additional sensitive information about victims. Common crimes relating to phishing attacks include credit theft, extortion, and identity theft.

In some forms of phishing attacks, cybercriminals engage in social engineering in order to install malicious software or hand over personal information under false pretenses.

How do phishers gather personal information used in phishing attacks?

Phishers can gather telephone numbers, home addresses, email addresses, and personal information used in phishing attacks utilizing a variety of platforms and tactics. The most common way personal data is collected is via downloadable content, malware (spyware), computer viruses, and other items used to collect and distribute personal information.

This malware is often located in downloadable content including freeware, shareware, and torrents. This may may even be contracted by clicking malicious advertisements and links contained in compromised social media content.

Damage of phishing

The damage caused by phishing ranges from denial of access to email to substantial financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims.[53] In 2007, phishing attacks escalated. 3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007.[54] Microsoft claims these estimates are grossly exaggerated and puts the annual phishing loss in the US at US$60 million.[55] In the United Kingdom losses from web banking fraud—mostly from phishing—almost doubled to GB£23.2m in 2005, from GB£12.2min 2004,[56] while 1 in 20 computer users claimed to have lost out to phishing in 2005.[57]

Many browser attachments for Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer often grant themselves permission to collect user activity including complete computing and internet browser activity. In most cases these items claim to collect anonymous information such as internet browser, Internet Service Provider information, Operating System used, Screen Resolution, IP Addresses, and information users manually submit online including home addresses, telephone numbers, credit information, bank account information, and more. These items may even compromise social media accounts and gain information concerning relationships with family and friends.

728x90 ESET for Windows Save 25%