Phishing is one of the most common cyber threats. The technique is used by cyber criminals with the goal of luring victims into doing exactly what they want. The cyber criminal could be after any kind of data: from birthdates to online banking credentials. Their goal could also be to get their victim to download malware.
Social engineering is often used as a weapon against the victim. It is common for phishers to attempt to pull on the emotional heartstrings of victims in order to get the victim to do what they want them to do. Commonly targeted emotions include: hope, curiosity, and necessity. Scam emails may include messages of the promise of money, include wording that gets you to wonder what happens next and/or instill a sense of urgency that action needs to be taken.
Another tactic that phishers will use is to exploit human vulnerabilities and anxieties with current events. For example, COVID-19-related phishing emails were very popular and successful at the peak of the pandemic. In addition, tax-related phishing emails commonly occur during tax season.
Spear Phishing Attacks
When a phishing attack is targeted at one person or a small group of people, this is known as a spear phishing attack. This type of attack generally requires a little more knowledge about the target and can include personal details to make the email seem more legitimate. This type of attack is also less likely to be picked up by phishing filters than the common phishing attempt.
Provide Phish Training
Not all phishing emails are caught by email filters. This is why teaching employees how to spot a phishing email will offer further protection from falling victim to a phishing attack.