This is a common term often mentioned when we talk about cyber attacks or hackers. Phishing attacks are one of the most common methods to acquire data and information, but what is the purpose of a phishing attack?
A phishing attack is a type of social engineering tactic that is used by hackers to gain sensitive data such as passwords or credit card details. This is usually achieved through fraudulent communication (most commonly via email) whereby they pretend to be someone else, often an authoritative figure or well-known company. They use this persona to then manipulate users’ into giving up their data.
In emails they may insert links which when clicked will install malware into your computer. Alternatively they may add attachments, which serve the same purpose. Once the malware is installed they are able to access your device and potentially the whole network to gain the information they want. Previously, we’ve discussed what is phishing in more detail and how to prevent social engineering attacks.
The overall goal of a phishing attack is usually to gain sensitive data such as logins and passwords from their victims in order to access the targeted network or company .
One of the main purposes of doing this is to get a foothold into the device/network to gather and find the information they want. This is mainly for financial gain so it could be credit card details, or something more sinister such as personal information for them to sell on the dark web. Sometimes they may directly try to manipulate users into providing them with their bank details, or they may go down the malware route.
Phishing attacks are one of the simpler social engineering tricks that hackers use as less work is involved. There is no complex hacking needed, and like many other social engineering tactics, it relies on the manipulation of human nature to provide access without the user realising it. This means that your computer/device/network can have the strongest cyber security software from antivirus and anti-malware to end to end security, and still be a victim of a phishing attack. This is because they target the weakest link in the chain; the users.
There are many reasons why criminals would choose phishing attacks over other social engineering methods. These include: