What is Phishing?
Phishing is a type of attack carried out in order to steal usernames, passwords, credit card information, Social Security Numbers, and other sensitive data by masquerading as a trustworthy entity. Phishing is most often seen in the form of malicious emails pretending to be from credible sources such as clients, coworkers, or financial organizations related to ASTI.
By tricking users into giving away their information, attackers can:
- Send spam from compromised email accounts
- Use your credentials to access other systems, attack other systems, and steal confidential company data
- Steal money from victims (modify direct deposit information, drain bank accounts)
- Perform identity theft (run up charges on credit cards, open new accounts)
The goal of most Phishing emails is to trick you into visiting a web site in order to steal your email credentials. Attackers will setup web sites under their control that look and feel like legitimate web sites. Often the Phishing emails will have an immediate call to action that demand you to "update your account information" or "login to confirm ownership of your account". If you enter your credentials into these illegitimate web sites you are actually sending your username and password directly to the attackers.