Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses such as Amazon and eBay.
However, phishing messages can also be made to look like they come from someone a business trades with regularly – or even someone internal to the business, such as the CEO or HR department.
These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.

What happens in a phishing attack?
Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.
Phishers record the information victims enter into Web pages or popup windows.
The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many as 25% of the victims never fully recover.
Banks are putting more safeguards in place, but aren’t obliged to refund the stolen cash as they are with unauthorised or fraudulent payments on credit and debit cards.
Despite victims being tricked into transferring funds, banks will say the payments were "authorised" and they simply followed the payee's instructions.
Under GDPR compliance rules, businesses face hefty fines if personal data is stolen, and therefore need to put safeguards in place.