What do phishing emails do

Here are the latest Insider stories. More Insider Sign Out. Sign In Register. Sign Out Sign In Register. Latest Insider. Check out the latest Insider stories here. More from the IDG Network. Vishing explained: How voice phishing attacks scam victims. What is spear phishing? Why targeted email attacks are so difficult to stop.

What is pretexting? Definition, examples and prevention. Phishing definition Phishing is a cyber attack that uses disguised email as a weapon. Some phishing scams have succeeded well enough to make waves: Perhaps one of the most consequential phishing attacks in history happened in , when hackers managed to get Hillary Clinton campaign chair John Podesta to offer up his Gmail password. The "fappening" attack, in which intimate photos of a number of celebrities were made public , was originally thought to be a result of insecurity on Apple's iCloud servers, but was in fact the product of a number of successful phishing attempts.

In , employees at the University of Kansas responded to a phishing email and handed over access to their paycheck deposit information , resulting in them losing pay. What is a phishing kit? Related: Phishing Network Security Security. Josh Fruhlinger is a writer and editor who lives in Los Angeles. Microsoft's very bad year for security: A timeline. Also known as a phishing scam, an email scam involves using emails and fraudulent websites to steal sensitive information such as passwords, credit card numbers, account data, addresses, and more.

Phishing scams also can be executed through text messages. These emails and texts are crafted to appear legitimate, such as messages from your bank or another trusted source. They often request your personal information, which criminals can then use to commit identity theft. What should you do if you find yourself a victim of an email or text scam? Email scams seek to profit from your personal information. Once thieves have your sensitive data, they can use it to commit a variety of crimes — or they can sell it on the dark web.

Phishing is an online fraud scheme designed to trick victims into clicking on a compromised email or text link or opening a fraudulent attachment. From there, you are encouraged to enter your access credentials. Once you do, however, the scammers have captured your login information and can then access the authentic site to steal more of your personal information or make purchases. Another example is you may open an email attachment that is embedded with malware which then infects your device.

These viruses could capture your login credentials when you access your accounts or take control of your devices. Types of sensitive information stolen could include your bank and credit card account numbers, passwords, even your Social Security number SSN — any personal data that may be stored and visible in those accounts. The consequences can be devastating. Scammers who have accessed your personally identifiable information, like your SSN, date of birth, or passwords, may be able to take on your identity and commit different types of identity theft, fraud or other crimes.

A thief who has accessed or gathered several pieces of your personal information, like your SSN, date of birth, full name, and address may be able to use this information to commit credit card fraud, bank fraud, computer fraud, wire fraud, mail fraud, and employment fraud.

How does this happen? With these pieces of sensitive information, a fraudster can then do things like fill out false applications for loans, credit cards, or bank accounts in your name or withdraw money from your accounts. Scammers could use your personal information in fraudulent interactions with the government. For instance, they could use your SSN and other personal information to submit an income tax return and claim your tax refund.

This is known as tax-related identity theft, tax refund fraud, and stolen identity refund fraud. Scammers may use your SSN and other personal information to assume your identity in law enforcement matters. Phishing attack examples The following illustrates a common phishing scam attempt: A spoofed email ostensibly from myuniversity. Instructions are given to go to myuniversity. Several things can occur by clicking the link. For example: The user is redirected to myuniversity.

The attacker, monitoring the page, hijacks the original password to gain access to secured areas on the university network.

The user is sent to the actual password renewal page. This results in a reflected XSS attack, giving the perpetrator privileged access to the university network. See how Imperva Web Application Firewall can help you with phishing attacks.

Request demo Learn more. Article's content. Latest Blogs. DDoS Mitigation Application Security. Grainne McKeever. Yohann Sillam , Ron Masas. These updates could give you critical protection against security threats.

Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

Protect your data by backing it up. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.

If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?