Phishing

An example of a phishing email, disguised as an official email from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by prompting them to "confirm" it at the phisher's website. The email deliberately misspells some words.

Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information[1] or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.[2] As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.[3]

The term "phishing" was first recorded in 1995 in the cracking toolkit AOHell, but may have been used earlier in the hacker magazine 2600.[4][5][6] It is a variation of fishing and refers to the use of lures to "fish" for sensitive information.[5][7][8]

Measures to prevent or reduce the impact of phishing attacks include legislation, user education, public awareness, and technical security measures.[9] The importance of phishing awareness has increased in both personal and professional settings, with phishing attacks among businesses rising from 72% to 86% from 2017 to 2020.[10]

  1. ^ Jansson, K.; von Solms, R. (2011-11-09). "Phishing for phishing awareness". Behaviour & Information Technology. 32 (6): 584–593. doi:10.1080/0144929X.2011.632650. ISSN 0144-929X. S2CID 5472217.
  2. ^ Ramzan, Zulfikar (2010). "Phishing attacks and countermeasures". In Stamp, Mark; Stavroulakis, Peter (eds.). Handbook of Information and Communication Security. Springer. ISBN 978-3-642-04117-4.
  3. ^ "Internet Crime Report 2020" (PDF). FBI Internet Crime Complaint Center. U.S. Federal Bureau of Investigation. Retrieved 21 March 2021.
  4. ^ Ollmann, Gunter. "The Phishing Guide: Understanding and Preventing Phishing Attacks". Technical Info. Archived from the original on 2011-01-31. Retrieved 2006-07-10.
  5. ^ a b Wright, A; Aaron, S; Bates, DW (October 2016). "The Big Phish: Cyberattacks Against U.S. Healthcare Systems". Journal of General Internal Medicine. 31 (10): 1115–8. doi:10.1007/s11606-016-3741-z. PMC 5023604. PMID 27177913.
  6. ^ Stonebraker, Steve (January 2022). "AOL Underground". aolunderground.com (Podcast). Anchor.fm.
  7. ^ Mitchell, Anthony (July 12, 2005). "A Leet Primer". TechNewsWorld. Archived from the original on April 17, 2019. Retrieved 2021-03-21.
  8. ^ "Phishing". Language Log, September 22, 2004. Archived from the original on 2006-08-30. Retrieved 2021-03-21.
  9. ^ Jøsang, Audun; et al. (2007). "Security Usability Principles for Vulnerability Analysis and Risk Assessment". Proceedings of the Annual Computer Security Applications Conference 2007 (ACSAC'07). Archived from the original on 2021-03-21. Retrieved 2020-11-11.
  10. ^ Lin, Tian; Capecci, Daniel E.; Ellis, Donovan M.; Rocha, Harold A.; Dommaraju, Sandeep; Oliveira, Daniela S.; Ebner, Natalie C. (September 2019). "Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content". ACM Transactions on Computer-Human Interaction. 26 (5): 32. doi:10.1145/3336141. ISSN 1073-0516. PMC 7274040. PMID 32508486.