What is phishing?

What is phishing and what is the fraudster's goal? 

With "phishing", a fraudster tries to trick people over the internet. The fraudsters gain your trust by posing as your bank, a government agency, a helpdesk, ... They persuade you to reveal personal information, such as your password and credit card numbers. With these, they can then steal money from your bank, or log into your account.

Fraudsters also use phishing to get you to install malicious code on your computer. Think of a virus that infects or encrypts all files on the computer (ransomware) or steals trade secrets (spyware). 

Which tools do fraudsters use to "phish"? 

Phishing methods evolve fast. The classics are the following: 

  • E-mail is still the most commonly used. For example: the fraudsters send you an email containing a link to click on, or an attachment to open.

  • In smishing (SMS + phishing), fraudsters use text or WhatsApp messages. For example: you receive a text or WhatsApp message that contains your bank's logo. The message contains a link to download the latest version of the bank's app.

  • Vishing (voice + phishing) involves fraudsters calling you and claiming to be from a helpdesk. They ask for your password or ask you to take certain actions, such as downloading files. For example: someone calls you on behalf of Microsoft because a problem was detected with your computer.

Who is likely to be attacked with phishing? 

Everybody can be the target of a phishing attack.  

  • Mass phishing: the fraudsters send a message to randomly chosen addresses, without knowing anything about their victims. The mail is generic. This fraud is often immediately recognisable. For example: you receive an e-mail from a bank, but you are not a customer there. Or you are asked to pay a fine for a traffic violation in the Netherlands, but you have not been there.

  • Spear phishing: the fraudsters target a particular group of people, via lists of names and e-mail addresses they have stolen or bought. The mail will therefore often address you personally, using your first name. For example: you receive an e-mail from your provider asking you to perform an update. Your provider's logo and corporate identity are perfectly recreated in the mail.

  • Whaling: the fraudsters specifically target people in high positions, such as the director of a company. They use information found on social media to make the victim feel that the e-mail is genuine. Read more here: "Watch out for CEO fraud".