Phishing has quickly become one of the most common risks on the internet, with even the most tech-savvy organisations and mindful individuals falling victim to attacks.
The Anti-Phishing Working Group (APWG) says it observed a record-breaking 250% surge in phishing attacks between October 2015 and March 2016.
The Cambridge Dictionary defines ‘Phishing’ as “an attempt to trick someone into giving information over the internet or by email that would allow someone else to take money from them, for example by taking money out of their bank account”. The first step of any phishing scam is social engineering. This involves subconsciously manipulating the human element of technology to gain personal information, and can sometimes utilise malware to do so.
APWG says the findings are the highest it has seen since the coalition first began tracking and reporting on phishing back in 2004. According to its latest report, the number of unique phishing websites detected in Q1 totalled 289,371, with more than 123,000 of those sites being discovered in March 2016 alone. However, phishing is just the tip of the iceberg. There is a wide range of different types of social engineering that involve different ways of manipulating or tricking people into releasing private, personal or corporate information.
Pretexting is a form of social engineering where the attacker’s main focus is on creating a good pretext or fabricated scenario. Attackers will use this opportunity to attempt to steal their target’s personal information by pretending that they need a certain piece of data from their target in order to confirm their identity. This type of phishing scam requires the attacker to build credibility with their victim and tell a story that leaves little to no room for doubt.