phishing
Sign in to savePhishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and traverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the Federal Bureau of Investigation's Internet Crime Complaint Center reporting more incident
AI overview
Phishing is a scam where attackers trick people into revealing sensitive information or downloading harmful software by creating fake websites or messages that look legitimate. It matters because phishing has become the most common type of cybercrime, putting millions of people at risk of identity theft, financial loss, and malware infections.
AI-generated from the Wikipedia summary — may contain errors.
Article
32 sectionsContents
- Types
- Email phishing
- <span class="anchor" id="spearphishing"></span> Spear phishing
- Voice phishing (Vishing)
- SMS phishing (smishing)
- Page hijacking
- QR code phishing (quishing)
- Man-in-the-Middle phishing
- Techniques
- Link manipulation
- Social engineering
- History
- Early history
- 2000s
- 2010s
- 2020s
- Anti-phishing
- User training
- Technical approaches
- Filtering out phishing mail
- Browsers alerting users to fraudulent websites
- Augmenting password logins
- Monitoring and takedown
- Multi-factor authentication
- Legal responses
- Notable incidents
- Sector-specific impact
- Healthcare
- See also
- Notes
- References
- External links
Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and traverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the Federal Bureau of Investigation's Internet Crime Complaint Center reporting more incidents of phishing than any other type of cybercrime.
Modern phishing campaigns increasingly target multi-factor authentication (MFA) systems, not just passwords. Attackers use spoofed login pages and real-time relay tools to capture both credentials and one-time passcodes. In some cases, phishing kits are designed to bypass two-factor authentication by immediately forwarding stolen credentials to the attacker's server, enabling instant access. A 2024 blog post by Microsoft Entra highlighted the rise of adversary-in-the-middle (AiTM) phishing attacks, which intercept session tokens and allow attackers to authenticate as the victim.