TraceSecurity

What is a Phishing Attack?

Phishing attacks have gained notoriety over the past couple years with the high profile attacks against organizations such as eBay®, Paypal® and Citibank®. The attack is generally based on an initial email. The email will look like it's from a trusted site, such as eBay®. It will then direct the recipient to click on a link included within the email to resolve an issue. In most cases the recipient of the email is informed that they must click this link to either keep their account from being closed or to protect their account through increased security. In all cases, the ultimate goal of the email is that the recipient clicks the link. The link will lead to a web site that is designed to imposter a legitimate web site.

Once at the malicious web site, the user will be required to enter confidential information such as their name, account number and/or password. In most cases, the explanation given for the recipient to enter such information is to validate the user's account for security purposes. In reality, when the user enters their information, it is being stored by the malicious site to be used for illegal purposes.

Ultimately the user is tricked into giving out the confidential information and is completely unaware that they have done so.