
Executive Summary

Phishing is a cyber-attack in which scammers use deceptive emails or messages, pretending to be from trusted entities, to trick individuals into revealing personal information, such as passwords and credit card numbers. Examples include email phishing, spear phishing (which targets specific individuals), vishing (phishing by phone call), and smishing (phishing by SMS). Phishing emails often contain urgent requests or threats to prompt action, leading to data theft or financial loss. Always verify the source and avoid clicking on suspicious links.

The Adversary’s Actions and Tactics

Here is a classic example of a very sophisticated phishing attempt. Notice the email address it is coming from. The domain name is a dead giveaway here.

However, there are way more sophisticated phishing attempts out there. Business email compromises produced over $2.9 billion in 2023 alone!

If you would like to learn more (and you definitely should), here is a link to the Federal Trade Commission.

Key Takeaways

Key takeaways from phishing include being cautious of unsolicited communications, verifying the sender’s identity before responding, not clicking on suspicious links, and avoiding sharing personal information via email or phone with unknown sources. Always update your software for the latest security protections.