Many shapes and sizes
Phishing includes many types of fraudulent online activities targeting a group of people or a single senior executive, like with CEO fraud or spear phishing. Legitimate links are often replaced with fraudulent ones. These links appear to lead to a trusted organisation, but are in fact redirecting you to a web page set up to collect your personal information. The main goal of all attacks is to lure victims into sharing personal information, unknowingly providing access to (financial) systems or opening the door to their IT environment for more substantial penetration.
Phishing is only successful if those targeted share information or open an attachment to set off the installation of ransomware. To increase the possibility of that happening, emails are often made to look like the sender is a known person or entity. This is often a third party.
Phishing is an increasingly popular form of cybercrime. The growing amount of information that can be found online, on individuals as well as on companies, makes it easier for malicious parties to create personalised and branded messages that inspire confidence.
To protect your organisation from becoming a victim of phishing, it is important to detect all vulnerabilities, such as the online entry points and current online misuse of your brand or organisation’s name online.