Phishing occurs when a person or group (the phisher) sends some form of unsolicited communication in order to trick the victim into taking an action that furthers the goal(s) of the phisher.
- Usually the communication is email, but it can also be social media, phone call, text, etc.
- The action of the phishing attack could be sending money to the phisher, responding with personal informatino (ssn, passwords credit card info), clicking a link, or opening an attachment.
- The goal of a phishing attack is usually to make money, steal an identity (to commit crimes, open credit, etc), install malware, hack accounts to be used in additional phishing attacks, or do reputation damage.
- Many different tricks can be used to make the user more likely to perform the target action from pretending to be a trusted entity (your bank, Social Media companies or a hacked account, etc) to faking urgency or including a time limit.
To see examples of actual phishing attacks, visit the phishbowl site at https://www.utdallas.edu/infosecurity/phishbowl/
For more information, contact the Information Security office at firstname.lastname@example.org or 972.883.6810.