Special | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | ALL
Phishing is the most common form of social engineering attack.
Phishing occurs when a threat actor impersonates a trusted entity through email to try and fraudulently obtain personal information, financial information or access to systems. The email prompts the targeted individual to act. The action could be to click on a link, provide information, open an attachment, download a file, or provide remote access to a workstation. This action provides the threat actor with information or access to a system.
Phishing uses email to solicit your information by posing as a trustworthy person or entity. For example, the threat actor may send emails disguised as your boss or a financial institution requesting your account information.
The threat actor will use this information to gain access to your online accounts. Once the threat actor has access to your accounts, they may use this access to carry out a larger cyber attack.
How to spot a phishing attack
There are ways to detect these types of attack. Here are some common indicators:
You should always be vigilant and watch for these indicators. However just because a communication has one of these indicators doesn’t mean that it is an attack.
If you are suspicious, confirm the request with the sender prior to taking any action requested in the message. If you don’t recognize the sender or their email address doesn’t match their name, report the message.
What to do if you receive a suspected phishing email
Follow the steps for responding to a social engineering attack.
What to do if you fall victim to a phishing email
If you think that you may have been the victim of phishing, follow these steps in this section: