In phishing, the attacker tries to obtain sensitive information such as debit/credit card details or login details (usernames, passwords, etc.) by pretending to be someone else, often masquerading as a trustworthy entity, e.g. an employee of a bank, a payment processor or similar. The attacker may use email, phone, WhatsApp, Facebook, etc. to communicate with you.
Let’s consider a phishing attack.
You received an email like the one below:
We have recorded an attempt to withdraw Rs. 2,000/- from your saving account. If it is not you, please visit the link below and verify your account information.
Your bank name
You clicked the link and landed on a web page that asks you to log in to your online banking account. This web page may look similar to your bank's, but it is actually a website that the attacker controls. Once you enter the details, the data is sent to the attacker instead of the bank.
Here the attacker lured you into clicking the link and thereby revealing your details. Furthermore, to give the email a more legitimate look, the attacker may sometimes be able to forge the actual email address of the entity he or she is pretending to be, and may add logos or other signs of legitimacy.
Many incidents have been recorded in which people received phone calls from fraudsters posing as officials of banks or government agencies, who thereby successfully conned the victims. A phishing attack may not only reveal your bank credentials but may also be aimed at gaining access to your email account, Facebook password or similar.
Let’s consider another phishing attack.
You received the following message on Facebook:
To view the latest events happening in your locality, please visit this link.
You clicked the link and landed on a web page that asks you to log in to your Facebook account again before you can view it. This web page may look similar to the Facebook login page you are familiar with.
You entered your details; they were sent to the attacker instead of Facebook, and you landed on a web page containing some latest news.
Here the attacker lured you into revealing your credentials and thereby gained access to your Facebook account.
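In both cases above, the page looked right but the address did not belong to the bank or to Facebook. The following check is an added example, not part of the original article: it decides whether a link that leads to a login page really points at a domain you trust. The trusted host list and the function names are assumptions, and examplebank.example is a constructed placeholder.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts on which the user expects to enter credentials.
# "examplebank.example" is a constructed placeholder for the bank's real domain.
TRUSTED_LOGIN_HOSTS = {"examplebank.example", "facebook.com"}


def registered_under(host: str, trusted: str) -> bool:
    """True if host is the trusted domain itself or a subdomain of it.

    The leading dot matters: "notfacebook.com" must not match "facebook.com".
    """
    return host == trusted or host.endswith("." + trusted)


def check_login_link(url: str, trusted_hosts=TRUSTED_LOGIN_HOSTS) -> tuple[bool, str]:
    """Return (ok, reason) for a link that claims to lead to a login page."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no hostname"
    if has_userinfo:
        # https://facebook.com@other.example/ really goes to other.example
        return False, "text before '@' hides the real host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised hostname (possible look-alike)"
    if not any(registered_under(host, t) for t in trusted_hosts):
        return False, f"host '{host}' is not a trusted login domain"
    return True, "host matches a trusted login domain"


if __name__ == "__main__":
    # Constructed sample links, similar in shape to the two scenarios above.
    for link in (
        "https://netbanking.examplebank.example/verify",
        "https://examplebank.example.account-verify.example/login",
        "https://facebook.com@local-events.example/login",
        "https://notfacebook.com/login",
    ):
        print(link, "->", check_login_link(link))
```

The check reads the host the browser would actually contact, so a trusted name placed at the start of the address or before an `@` does not pass.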