Inside Zone: Phishing

Inside Zone: Phishing

What exactly is phishing?

Phishing is an attack in which the threat actor disguises himself as a trusted person or organization in order to dupe potential victims into sharing sensitive information or sending money. There are several ways to reel in a victim, just like in real fishing:

Three common types are email phishing, smishing, and vishing. Some attackers use a more targeted approach, such as spear phishing or whale phishing (more on the types of phishing below).

Who is the intended victim of phishing?

A phishing attack can be directed at anyone, but some types of phishing are directed at very specific people.

Some threat actors will send a generic email to a large number of people, hoping that a few will fall for the bait based on a common trait.

As an example, say something is wrong with your Facebook or Amazon account and you need to log in and fix it right away. The link would most likely take you to a spoofed webpage where you could give away your login information.


It is a form of phishing in which an attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs.

Text messages can be received from any number in the world by most of the 3.5 billion smartphones in the world. Email users are already aware of the dangers of clicking links within emails.

Clicking links in text messages can be dangerous. Fewer people are aware of this.

Smishing is often lucrative for attackers phishing for credentials, banking information and private information since users trust text messages more than emails.


A phishing attack using voice is called vishing, which is a mashup of “voice phishing”. Phone calls are not the only means of communication. An SMS attack, for example, is often the first step in this type of attack. Smishing and vishing are often confused because of this. Despite the similar goals, the techniques used in each differ slightly.

Email Phishing

One of the most common types of phishing is email phishing. It’s been around since the early days of e-mail. The attacker sends an email posing as someone trustworthy and familiar (online retailer, bank, social media company, etc.) and requests that you click a link to perform a critical action or download an attachment.

Here are some specific examples of email phishing:

Business email compromise (BEC): A business email compromise (BEC) attack attempts to deceive someone in an organization’s finance department, usually the CFO, into sending large sums of money. Attackers frequently employ social engineering techniques to persuade the recipient that sending the money is urgent and necessary.

As always, we recommend that you use antivirus/anti-malware security software such as Threat Zone. Most cybersecurity tools can detect when a link or attachment isn’t what it appears to be, so even if you fall victim to a clever phishing attempt, you won’t end up sharing your information with the wrong people. You can even try Threat Zone Secure Mail for free before purchasing.

Thanks for reading!

Check us our product 👉

Follow us at Twitter and Linkedin 👇