What is Phishing and How Does it Work?

Posted on November 12, 2020 by David Lukic in Security Tips

Phishing scams have become a major enterprise in the world of cybercriminals. Most likely, you have heard the term phishing attack bandied about, but do you know what it means? Well, you should, because you just may be the next victim.

What is Phishing?

Phishing scams are scams carried out via email, text, social media, or through an app. They are also one of the easiest ways for criminals to steal your information or identity. Unfortunately, because phishing scams are so easy and the victims are ignorant of the dangers, millions of dollars are lost every year to these types of scams. Experts claim that 1.4 million new malicious websites show up on the web each month!

How Does Phishing Work?

According to Verizon’s Data Breach Investigations Report, one-third of all data breaches were the result of phishing emails. Unfortunately, that percentage is much higher (78%) for other types of cyberattacks. The idea behind the name phishing comes from “fishing,” where you cast a line and hope for a bite. Crooks initiating phishing attack campaigns are getting more sophisticated and harder to catch all the time. They use social engineering tactics to scare and dupe innocent victims into giving away personal information that they would never give away if they weren’t panicked.

A phishing attack campaign starts with the cybercriminal picking a target group. It might be the customers of a well-known bank. They then troll the dark web and purchase or barter for a list of customers. Next, they design a fake message using the bank’s own logos, colors, fonts, and sometimes even text from a legitimate bank email. The message typically implies a threat of “closing your account” or claims there has been a breach of some sort. They hope to panic you into clicking the link without thinking. Once you do, you are taken to a “spoofed” website, which looks like the bank’s but is not. You are then asked to enter your account credentials or other financial information, and unfortunately, because it wasn’t the bank, the crooks now have your login or bank information.

Sometimes the objective is different: rather than taking you to a website, clicking the link in the email infects your computer with a trojan, virus, or worm. These can be devastating and take control of your computer and network, steal your files and information, spy on you, lock your computer until you pay a ransom, or steal your identity and open up lines of credit in your name. There are many different nefarious goals for these types of attacks.

Most disturbing is that some hackers even sell “phishing kits” on the dark web so that even non-technical crooks can use them to pull off phishing scams successfully. Some even come complete with a video and typed instructions. Often the developer will take a cut of the proceeds.

List of the Top Companies Used in Phishing Emails

Phishers’ Favorites came up with a list of the top companies that are used by cybercriminals to trick victims into believing they are real. They will spoof email addresses from them, obfuscate links and copy graphics and design elements to make the messages look very real. The top companies faked are:

  1. PayPal.

  2. Microsoft.

  3. Netflix.

  4. Facebook.

  5. Bank of America.

  6. Apple.

  7. Chase.

  8. CIBC.

  9. Amazon.

  10. DHL.

  11. SunTrust Bank.

  12. Desjardins.

  13. DocuSign.

  14. Societe Generale.

  15. BNP Paribas.

  16. Dropbox.

  17. Credit Agricole.

  18. Orange.

  19. Google.

  20. Yahoo. 

  21. Impots.

  22. Wells Fargo.

  23. AT&T.

  24. Adobe.

  25. Comcast.

Many of these are companies you probably use. Therefore, you may be included in a customer list somewhere on the dark web and be a target. Watch out carefully for emails that come from these sources. Evaluate if they sound suspicious or not and ask yourself a few questions before reacting. 

  • Do they have an urgency to them? 

  • Are they threatening to close or suspend your account? 

  • Did they alert you to a prize for winning something when you didn’t enter any contest?

  • Does the email demand that you take some action “immediately?”

If so, they are probably phishing scam attempts, and you should be wary. Phishing email attempts have one of two objectives: either steal your information for identity theft or install malware on your device to do even more harm later.

How to Protect Yourself Against Phishing Attacks

Phishing scams are one of the biggest problems facing our digital age. However, if you keep a cool head, arm yourself with information, and follow the tips below, you should stay safe.

  • NEVER click a link in an email, no matter how legitimate it appears to be. Visit the website by going to the URL in a new browser window or calling your bank or company directly to check if you think there might be a problem.

  • Do not download attachments, software, or apps from anywhere except trusted developers/sources.

  • Don’t give out personal information, especially online, when asked for it. Most banks or other companies will not require you to provide the information which they already have.

  • Do not be lured in by the panicked email. Look for errors in grammar and misspellings, and hold your mouse over links to see where they really lead. Even though links can be masked, most criminals don’t even bother. If you see a long link that clearly doesn’t match up with the sender, delete it.

  • Check the “sent” email address. Again, if it doesn’t match up or looks suspicious, contact your bank or the company and ask them about it.

  • Be especially cautious of emails alerting you that you have won a prize. If it sounds too good to be true, it probably is. 

  • Watch out for short URLs in emails; they could indicate a fake.

  • Install antivirus software on your computer that also protects against phishing attack attempts. Run deep scans often.

  • If you believe your account may have been hacked, change your password at the company that you received the fake message from; their customer lists may have been breached. Also, make sure to make the password strong and different from your other passwords. That way, they won’t breach all your accounts.
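
The link and sender checks from the tips above can also be run automatically over a message. The Python script below is an added example, not part of the original article; the shortener list, the urgency words, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}  # assumed sample list
URGENCY = re.compile(r"\b(immediately|urgent|suspend\w*|clos\w+|prize|winner)\b", re.I)

def host(url):  # lower-cased hostname of a URL, with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def same_site(h, domain):  # h is the domain itself or one of its subdomains
    return h == domain or h.endswith("." + domain)

class Links(HTMLParser):  # collects (link host, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((host(self.href), self.text.strip()))
            self.href = None

def phishing_signals(raw):
    """Return the warning signs from the tips above that a message shows."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body, flags, links = msg.get_payload(), set(), Links()
    links.feed(body)
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.add("urgent or prize language")
    for h, text in links.found:
        if h in SHORTENERS:
            flags.add("shortened link")
        if not same_site(h, sender):
            flags.add("link host differs from sender")
        if re.fullmatch(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", text) and not same_site(h, host(text)):
            flags.add("link text hides real destination")
    return sorted(flags)

# Constructed sample message; example.com and example.net are reserved names.
SAMPLE = ('From: "Your Bank" <alerts@bank.example.com>\nSubject: Account will be suspended\n\n'
          '<a href="http://login.example.net/verify">www.bank.example.com</a>\n')
```

Calling phishing_signals(SAMPLE) reports the urgent wording, the link that does not match the sender, and the masked link. These are warning signs to weigh, not a verdict: legitimate mail can link to other domains, and the From address itself can be spoofed.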


Symantec estimates about 135 million phishing emails go out per day! So, be careful and watch your back and your inbox.
