Phishing is the process of getting sensitive and confidential information such as username, passwords, pin codes, and contact details by illegal means.
Phishing is similar to spam in operation and appearance but more like spyware in functionality.
In phishing, an architect of the process sends you emails that look legitimate and from a well-known and well-reputed website.
These phishing emails often contain a link embedded inside. When you click on the link, it takes you to another website.
That website also resembles the actual and legitimate website. Still, in reality, this website, like the email and link, is also fake and serves the purpose of phishing attacks.
The website asks you for some typical tasks, such as verifying your id or buying something using your credit card, providing contact details, or giving your account number.
If you become a victim of phishing email and enter any of the above-mentioned confidential information, that information is passed to the perpetrator of the phishing attack.
Phishing attacks involve many social engineering and email spoofing tricks. In a phishing attack, the primary purpose of the attacker is to trick the user into believing that the email is legitimate and the website asking for the information is also present.
It then lures users to enter their confidential information on this phishing website.
The typical methods deployed in phishing are email and instant messaging. The main targets of phishing attacks are bank customers and people using online payment services.