One of the most common cyber-attacks, phishing operates through emails which are often convincing and appear to come from legitimate senders. These messages entice their targets to click on links or attachments which, in turn, facilitate theft or fraud.
Phishing uses scam emails to convince users to click on a malicious attachment or link. Emails may create a sense of fear, urgency or opportunity to encourage recipients to click on a link or open an attachment that then infects their machine with a virus or malware. This then allows criminals to steal information or money, disrupt business operations and/or destroy data.
While many fraudsters act randomly, some target specific groups of employees or customers. This is called spear phishing. One example is CEO fraud, where criminals impersonate senior executives and instruct colleagues to transfer money to them.
Another tactic is payment diversion fraud. Criminals will send an email claiming to be from a supplier. It says its bank details have changed so funds should be transferred to another account instead.