The origin of the name “phishing” is easy to trace. The process of carrying out a phishing scam is very similar to that of fishing. The hook is prepared thinking of deceiving a victim, and then it is cast and waits for it to bite.
Phishing is the crime of tricking people into sharing confidential information such as passwords and credit card numbers. As in fishing, there is more than one way to catch a victim, but there is a phishing tactic that is the most common. Victims receive an email or text message that mimics a trusted person or organization, such as a coworker, bank or government office. When the victim opens the email or text message, they find a message intended to frighten them, with the intention of weakening their good judgment by instilling fear. The message demands that the victim go to a website and act immediately or they will face consequences.
And if in the worst case the user takes the bait and clicks on the link, they are sent to a website that is an imitation of the legitimate one. From here, you are asked to sign in with your username and password credentials. If you are naive enough and do so, the login information reaches the attacker, who uses it to steal identities, loot bank accounts, and sell personal information on the black market.
But why Phishing is the simplest form of Cyberattack?
Unlike other types of Internet threats, phishing does not require particularly sophisticated technical knowledge. In fact, according to experts focused on this topic, phishing is the simplest form of cyberattack and, at the same time, the most dangerous and effective, and this is because it attacks the most vulnerable and powerful computer on the planet: the human mind.
Phishing authors do not try to exploit a technical vulnerability in your device’s operating system, but instead use “social engineering”. From Windows and iPhones to Macs and Androids, no operating system is completely safe from phishing, no matter how strong its security is. In fact, attackers often resort to phishing because they cannot find any technical vulnerabilities. Why waste time trying to bypass layers of security when you can trick someone into giving you the key? In most cases, the weakest link in a security system is not a hidden flaw in the computer code, but a person who does not verify the origin of an email.
