Phishing is a technique, typically in the form of an email that is sent to trick people into falling for a scam. Typically, the purpose is to capture sensitive data such as credit card or other financial account information or user credentials such as usernames and passwords.

How Phishing Works

The phishing attack will typically start with a malicious email message, sent to many thousands of recipients. The email would impersonate a well-known brand or organization using the organization’s logos, formatting, or even specific phrases.
The purpose of the phishing email is to create a need to take urgent action and to click on a url or internet link that would direct the consumer to a fake webpage impersonating the actual organization’s login page. The topic of the phishing email may include topics such as threatening account suspension or money loss for your bank account, credit card, utility provider or even your favorite online store. On the fake webpage, the consumer would be encouraged to enter their credentials such as username and password and quickly learn that nothing further occurs. The consumer would then leave the website and think nothing further but unfortunately the malicious phisher has captured important personal details of the consumer allowing them to subsequently steal money by using their user credentials to login to their actual bank account and transfer money out to an external destination controlled by them.