A phishing attack is one in which an attacker obtains information about you simply by asking for it. That is a rather simplified definition. What actually happens is that the attacker throws out bait and waits for you to take it. If you do, you are hacked. The attack is a lot like fishing, hence the name.
The simplest form of such an attack is one that you have probably seen many times in your mailbox. You receive an email from, for example, help.desk[at]gmail.com saying that Google has noticed that it is time for you to change your password, and you are asked to click on a link to do so. The link takes you to a fake page created by the attacker. This page looks a lot like the original Google page, with fields to enter your old and new passwords. Once you enter your password, the attacker receives it and is able to access your account. This can happen with your e-mail account, Facebook, Twitter, or anything else.
To stay safe and avoid such attacks, you must first understand that your service providers typically never ask for your confidential information in an e-mail or, for that matter, over the phone. Online service providers go to extreme lengths to secure your accounts, but the easiest way to hack your account is simply to ask you for your password.
EXEO advice against phishing attacks:
- Never click on links from untrusted users.
- If you receive a link from a trusted user, verify it by asking whether the link was sent intentionally.
- In many cases, attackers who compromise an account ask friends for money or phone recharge cards. If you notice such activity on a friend’s account, contact them to verify and report it.
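
The password-change email described above can also be checked mechanically. This is an added example, not part of the original article or EXEO's own tooling: it flags a sender whose display name claims the provider while the address is on another domain, and links whose visible text or destination do not match the provider. The `OFFICIAL_DOMAINS` allow-list, the sample message and all function names are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: the provider's real domains, and a constructed sample email.
OFFICIAL_DOMAINS = {"Google": {"google.com"}}
SAMPLE = """\
From: Google Help Desk <help.desk@gmail.com>
Content-Type: text/html

<a href="http://accounts.google.com.example.net/reset">https://accounts.google.com/reset</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links holds [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data.strip()

def belongs_to(host, brand):
    # Exact domain or a true subdomain; "google.com.example.net" does not match.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS[brand])

def check_message(raw, brand):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if brand.lower() in name.lower() and not belongs_to(domain, brand):
        findings.append(f"sender claims {brand} but writes from {domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = urlsplit(href).hostname
        shown = urlsplit(text).hostname if "://" in text else None
        if shown and shown != host:
            findings.append(f"link text shows {shown} but leads to {host}")
        if not belongs_to(host, brand):
            findings.append(f"link leaves {brand}: {host}")
    return findings
```

Calling `check_message(SAMPLE, "Google")` returns three findings: the mismatched sender, the link whose text and destination differ, and the destination outside the provider's domain.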