What is Phishing?

What is Phishing?#

Phishing is a widespread type of cyber attack where criminals impersonate trusted entities to steal sensitive data, such as credit card numbers, login credentials, and personal information. Typically executed through email, these attacks can also occur via text messages or social media. Phishing is considered a form of social engineering, where attackers use information to manipulate individuals into giving away sensitive information.

---

How Phishing Attacks Work#

Phishing campaigns are crafted with a high attention to detail and a strong emphasis on urgency to prompt quick action from the target. Here's a breakdown of the phishing process:

Typical Phishing Scenario#

• The target receives an email that appears to be from a reputable source, such as a financial institution.
• The message contains a sense of urgency or a threat that prompts immediate action.
• A link within the email directs the user to a fraudulent website that mirrors the legitimate one.
• Once on the site, the user is tricked into entering sensitive information, which is then stolen by the attackers.

Key Techniques Used in Phishing#

• Email Spoofing: Crafting email addresses that appear nearly identical to those of reputable companies.
• Link Manipulation: Embedding malicious links that redirect users to phishing sites.
• Website Forgery: Creating high-quality replicas of legitimate websites to collect user credentials.

Types of Phishing Attacks#

Phishing takes various forms, each designed to steal data or infiltrate networks:

• Spear Phishing: Targets specific individuals or organizations with personalized information.
• Whaling: Aims at high-profile targets like CEOs or CFOs to steal large sums or sensitive corporate data.
• Business Email Compromise (BEC): Impersonates high-level executives to trick employees into transferring money or sensitive information.
• Clone Phishing: Involves creating nearly identical replicas of legitimate emails with malicious attachments or links.
• Vishing (Voice Phishing): Uses fake caller ID information to appear as if coming from a legitimate source, often asking for payment or personal information over the phone.

---

Phishing FAQs#

How can you protect yourself from phishing attacks?#

• Be cautious with emails requesting urgent action or containing links/attachments. Verify the sender by checking their email address closely, and look for generic greetings and spelling errors.

What should you do if you suspect a phishing attempt?#

• Do not click on any links or download attachments from suspicious emails. Report the attempt to your IT department or relevant authorities and delete the message.

How do phishing attackers choose their targets?#

• Phishers often target individuals who have access to important financial accounts or personal data. They use publicly available information to find potential victims and tailor their messages accordingly.

What are the latest trends in phishing techniques?#

• Phishers are increasingly using sophisticated methods like artificial intelligence to craft more convincing emails and are exploiting current events and personal information to lure victims.

About Corbado

Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert →