What is Phishing and How Does it Work?

  • By David Lukic
  • Nov 12, 2020

Phishing scams have become a major enterprise in the world of cybercriminals. Most likely, you have heard the word phishing attacks brandished around, but you do know what it means? Well, you should because you just may be the next victim. 

What is Phishing?

What is Phishing

Phishing scams are scams carried out via email, text, social media, or through an app. It is also one of the easiest ways that criminals steal your information or identity. Unfortunately, because phishing scams are so easy and the victims are ignorant of the dangers, millions of dollars are lost every year to these types of scams. Experts claim that 1.4 million new malicious websites show up on the web each month!

How Does Phishing Work?

According to Verizon’s Investigations Report, one-third of all data breaches were the result of phishing email. Unfortunately, that percentage is much higher (78%) for other types of cyberattacks. The idea behind the name phishing comes from “fishing” where you cast a line and hope for a bite. Crooks initiating phishing attack campaigns are getting more sophisticated and harder to catch all the time. They use social engineering tactics to scare and dupe innocent victims into giving away personal information that they would never do if they weren’t panicked. 

A phishing attack campaign works by the cybercriminal picking a target group. It might be the customers of a well-known bank. They then troll the dark web and purchase or barter for a list of customers. They then design an email using the bank’s own logos, colors, fonts, and sometimes even text from a legitimate bank email and design a fake message. They typically imply a threat of “closing your account” or claiming there has been a data breach of some sort. They hope to panic you into clicking the link and not thinking. Once you do, you are taken to a “spoofed” website, which looks like the bank’s but is not. You are then asked to enter your account credentials or other financial information, and unfortunately, because it wasn’t the bank, the cooks now have your login or bank information. 

Another objective is sometimes rather than take you to a website, clicking the link in the email infects your computer with trojan virus or worm. These can be devastating and take control of your computer and network, steal your files and information, spy on you, lock your computer until you pay a ransom, or steal your identity and open up lines of credit in your name. There are many different nefarious goals for these types of attacks.

Most disturbingly is that some hackers even sell “phishing kits” on the dark web so that even non-technical crooks can use them to pull off phishing scams successfully. Some even come complete with a video and typed instructions. Often the developer will take a cut of the proceeds. 

List of the Top Companies Used in Phishing Emails

Phishing Email

Phishers’ Favorites came up with a list of the top companies that are used by cybercriminals to trick victims into believing they are real. They will spoof email addresses from them, obfuscate links and copy graphics and design elements to make the messages look very real. The top companies faked are:

 

  1. PayPal.

  2. Microsoft.

  3. Netflix.

  4. Facebook.

  5. Bank of America.

  6. Apple.

  7. Chase.

  8. CIBC.

  9. Amazon.

  10. DHL.

  11. SunTrust Bank.

  12. Desjardins.

  13. DocuSign.

  14. Societe Generale.

  15. BNP Paribas.

  16. Dropbox.

  17. Credit Agricole.

  18. Orange.

  19. Google.

  20. Yahoo. 

  21. Impots.

  22. Wells Fargo.

  23. AT&T.

  24. Adobe.

  25. Comcast.

Many of these are companies you probably use. Therefore, you may be included in a customer list somewhere on the dark web and be a target. Watch out carefully for emails that come from these sources. Evaluate if they sound suspicious or not and ask yourself a few questions before reacting. 

  • Do they have an urgency to them? 

  • Are they threatening to close or suspend your account? 

  • Did they alert you to a prize for winning something when you didn’t enter any contest?

  • Does the email demand that you take some action “immediately?”

If so, they are probably phishing scam attempts, and you should be wary. Phishing email attempts have one of two objectives; either steal your information for identity theft or install malware on your device to do even more harm later.

How to Protect Yourself Against Phishing Attacks

phishing prevention

Data phishing are one of the biggest problems facing our digital age. However, if you keep a cool head, arm yourself with information, and follow the tips below, you should stay safe.

  • NEVER click a link in an email, no matter how legitimate it appears to be. Visit the website by going to the URL in a new browser window or calling your bank or company directly to check if you think there might be a problem.

  • Do not download attachments, software, or apps from anywhere except trusted developers/sources.

  • Don’t give out personal information, especially online, when asked for it. Most banks or other companies will not require you to provide the information which they already have.

  • Do not be lured in by the panicked email. Look for errors in grammar, misspellings, and hold your mouse over links. Even though links can be masked, most criminals don’t even bother. If you see a long link that clearly doesn’t match up with the sender, delete it.

  • Check the “sent” email address. Again, if it doesn’t match up or looks suspicious, contact your bank or the company and ask them about it.

  • Be especially cautious of emails alerting you that you have won a prize. If it sounds too good to be true, it probably is. 

  • Watch out for short URLs in emails, they could indicate a fake. 

  • Install antivirus software on your computer that also protects against data phishing attempts. Run deep scans often.

  • If you believe your account may have been hacked, change your password at the company that you received the fake message from; their customer lists may have been breached. Also, make sure to make the password strong and different from your other passwords. That way, they won’t breach all your accounts.


Symantec estimates about 135 million phishing emails go out per day! So, be careful and watch your back and your inbox.

About the Author
IDStrong Logo

Related Articles

Secure Wi-Fi and Wireless Technology Security Tips

Your Wi-Fi network is another handy access point that hackers use to infiltrate your computers, st ... Read More

How Does a VPN Work and How to Choose one

VPN stands for Virtual Private Network. It allows you to hide your public IP address and browse pr ... Read More

Complete Guide to Android Security

The Android platform offers a ton of flexibility and customization for users. However, all that fr ... Read More

Increase Your Google Privacy Settings in 4 Easy Steps

In this time of digital transparency and data breaches, it’s more important than ever to fee ... Read More

Instagram Privacy Policy: What You Should Know?

Instagram is a great place to share your best photos and messages with your followers, but have yo ... Read More

Latest Articles

Data Breach of Healthcare Management Solutions, LLC Affects Half-a-Million People

Data Breach of Healthcare Management Solutions, LLC Affects Half-a-Million People

Healthcare Management Solutions, known as a healthcare-related consulting company from West Virgini, has over 100 employees and brings in nearly $20M annually.

How to Remove Hard Inquiries from a Credit Report

How to Remove Hard Inquiries from a Credit Report

A credit score is an invisible number, yet it often feels like it controls our lives. It determines what we can buy and how much we'll have to pay.

What is Endpoint Security, and Why is it Important?

What is Endpoint Security, and Why is it Important?

Businesses can make every effort to beef up corporate network security, but those improvements mean very little if criminals choose to break into an already connected device.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close