Attackers send fraudulent communications to its target (individual or mass) that appear to come from a reputable source, usually through email. The goal is to steal sensitive data such as usernames, passwords, or banking details or to install malware on the victim’s machine. Phishing is an example of a social engineering technique used to mislead users and exploit weaknesses in network security. An attack will often direct users to enter sensitive information at a fake website, the look and feel of which match the legitimate site. Correspondence, claiming to have originated from social media, auction or retail sites, financial institutions, or network and IT administrators, are used to trap users.
