From the course: Cybersecurity Awareness: Phishing Attacks

Phishing: The dangers of email

- [Instructor] If you're watching this course, you've probably heard of phishing before. Chances are that if you have an email address, you've received a phishing email at some point. According to a Proofpoint study, 75% of organizations around the world experienced a phishing attack in 2020. In the US alone, 74% of attacks were successful. There's a reason why there's a lot of buzz surrounding phishing. If you checked out my previous course, you'd know that phishing is one of the most popular methods of social engineering. Phishing is when someone sends a message, trying to trick you, most often by pretending to be another person or company. The term phishing was coined around 1996 by attackers targeting AOL accounts. The word comes from the practice of fishing. Attackers use a lure or bait in a metaphorical sea of internet users and hook 'em. Pretty straightforward, huh?

Since it is manipulation, phishing attacks can change forms depending on the target and the investment of time put into the attack. Sometimes it comes in the form of imitating popular brands, like Amazon and Bank of America. With this method, cyber criminals are hoping to benefit from the reputation and built-in trust associated with those brands. The other hope here is that because of this trust and reputation, your suspicions wouldn't fire up, increasing the possibility that you could click on anything found in the email. If you're someone who has gone paperless, you may be accustomed to seeing certain emails from legitimate brands that you trust. When an imitation comes along with the same look and wording that you've learned to expect, you may not catch certain red flags that could appear. You may also click on something without thinking twice. This is what the attackers are hoping for.

In the past, phishing emails came in the form of a desperate Nigerian prince that needed assistance to claim his inheritance or a chain letter email that stated dire consequences if not forwarded. No matter the way the message looks, and no matter what the message says, the end goal is always similar: getting someone to take an action they wouldn't normally take. This action will be in favor of the attacker, mostly resulting in some form of financial gain or private information acquisition. An example of an action that could be taken because of a phishing email is putting your credentials into a form on a fake website that looks like a legitimate one. When this happens, you may get an error that your password doesn't work or you may be taken to a blank page, not knowing that your credentials were taken. Another example of an action that can be taken is clicking a link that will download malware onto your machine. We will explore what this looks like later on.

Sometimes phishing emails aren't as sophisticated. They can come in the form of a blank email or an email with the words "Hey, are you available?" written in the body of the message. While these emails seem harmless, the attacker's hope is that you respond to them and play a role in their attack. In my experience, this has resulted in a request to purchase gift cards for the attacker, among other things.

Phishing isn't exclusive to email though. There's SMS phishing, which is phishing by SMS or text messaging. There's vishing, which is phishing by phone. As we continue through this course, we'll look at ways to spot different kinds of phishing attacks.
