"Smishing" redirects here. For the act of swapping items, see Swishing.
An example of a phishing email, disguised as an official email from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by prompting them to "confirm" it at the phisher's website. The email deliberately misspells some words.
Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information[1] or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.[2] As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.[3]
The term "phishing" was first recorded in 1995 in the cracking toolkit AOHell, but may have been used earlier in the hacker magazine 2600.[4][5][6] It is a variation of fishing and refers to the use of lures to "fish" for sensitive information.[5][7][8]
Measures to prevent or reduce the impact of phishing attacks include legislation, user education, public awareness, and technical security measures.[9] The importance of phishing awareness has increased in both personal and professional settings, with phishing attacks among businesses rising from 72% to 86% from 2017 to 2020.[10]
^Jansson, K.; von Solms, R. (2011-11-09). "Phishing for phishing awareness". Behaviour & Information Technology. 32 (6): 584–593. doi:10.1080/0144929X.2011.632650. ISSN 0144-929X. S2CID 5472217.
^Ramzan, Zulfikar (2010). "Phishing attacks and countermeasures". In Stamp, Mark; Stavroulakis, Peter (eds.). Handbook of Information and Communication Security. Springer. ISBN 978-3-642-04117-4.
^"Internet Crime Report 2020" (PDF). FBI Internet Crime Complaint Center. U.S. Federal Bureau of Investigation. Retrieved 21 March 2021.
^Ollmann, Gunter. "The Phishing Guide: Understanding and Preventing Phishing Attacks". Technical Info. Archived from the original on 2011-01-31. Retrieved 2006-07-10.
^ abWright, A; Aaron, S; Bates, DW (October 2016). "The Big Phish: Cyberattacks Against U.S. Healthcare Systems". Journal of General Internal Medicine. 31 (10): 1115–8. doi:10.1007/s11606-016-3741-z. PMC 5023604. PMID 27177913.
^Stonebraker, Steve (January 2022). "AOL Underground". aolunderground.com (Podcast). Anchor.fm.
^Mitchell, Anthony (July 12, 2005). "A Leet Primer". TechNewsWorld. Archived from the original on April 17, 2019. Retrieved 2021-03-21.
^"Phishing". Language Log, September 22, 2004. Archived from the original on 2006-08-30. Retrieved 2021-03-21.
^Jøsang, Audun; et al. (2007). "Security Usability Principles for Vulnerability Analysis and Risk Assessment". Proceedings of the Annual Computer Security Applications Conference 2007 (ACSAC'07). Archived from the original on 2021-03-21. Retrieved 2020-11-11.
^Lin, Tian; Capecci, Daniel E.; Ellis, Donovan M.; Rocha, Harold A.; Dommaraju, Sandeep; Oliveira, Daniela S.; Ebner, Natalie C. (September 2019). "Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content". ACM Transactions on Computer-Human Interaction. 26 (5): 32. doi:10.1145/3336141. ISSN 1073-0516. PMC 7274040. PMID 32508486.
Complaint Center reporting more incidents of phishing than any other type of computer crime. The term "phishing" was first recorded in 1995 in the cracking...
Available For Record Store Day". Phish. 4 March 2013. Retrieved 23 September 2018. Arnum, Eric. "Digital Flashback: Phishing For Tapes On Web". MTV News....
Voice phishing, or vishing, is the use of telephony (often Voice over IP telephony) to conduct phishing attacks. Landline telephone services have traditionally...
The list of phishing incidents covers important or noteworthy events in the history of phishing. 1984 An early phishing incident was documented at the...
Simulated phishing or a phishing test is where deceptive emails, similar to malicious emails, are sent by an organization to their own staff to gauge their...
Rock Phish refers to both a phishing toolkit/technique and the group behind it. At one time the Rock Phish group was stated to be behind "one-half of...
Phish is an American rock band noted for their live concerts and improvisational jamming. Audience recordings of Phish's live shows have been traded among...
the top 5 Phishing hosts as measured by their Phishing Attack Score. The phishing attack score takes into account the raw number of phishing attacks relative...
PhishTank is an anti-phishing site. PhishTank was launched in October 2006 by entrepreneur David Ulevitch as an offshoot of OpenDNS. The company offers...
Pradeep K. (2016-10-26). "A survey and classification of web phishing detection schemes: Phishing is a fraudulent act that is used to deceive users". Security...
to a wave of phishing attacks utilizing Microsoft 365 in early 2021, Microsoft uses algorithms to automatically detect and block phishing attempts with...
her in tracking down the voice phishing leader. Lee Moo-saeng as Oh Myung-hwan, the head of a Chinese voice phishing organization that controls hundreds...
unable to prevent unnamed phishing exploits that sit on Yahoo, Google etc. Email spoofing – Creating email spam or phishing messages with a forged sender...
Phishing happened in June 2015 to Ubiquiti Networks Inc, a network technology company based in the United States. During this act of Spear Phishing Ubiquiti...
passwords. Apple claimed in a press release that access was gained via spear phishing attacks. The incident was met with varied reactions from the media and...
implement a breaking change. Phishing Hacker (computer security) Claburn, Thomas (2010-05-25). "Tabnapping attack makes phishing easy". Information Week....
Global Information