Phishing

What is Phishing?

Kosinski (2025) states that phishing is a type of cyber attack that uses fraudulent emails, text messages, phone calls, or websites to trick people into sharing sensitive data, downloading malware or otherwise exposing themselves to cybercrime. Phishing attempts are primarily user-focused, as opposed to other cyber attacks that target entire servers. Phishing preys on human error and attempts to trick the victim into believing the sender is someone they are not.

A common example is a sender who pretends to be a member of the victim's bank. The sender sends an email that looks like it comes from an official customer support address and formats the email with all the branding and usual markings of the company they are impersonating. The contents of the email usually state that urgent action is needed on the victim's account and lie about any of a number of occurrences, such as someone having access to the account or a pending amount owed on a loan. The email contains a link for the victim to click, which prompts them to input their email and password. Once this is done, the sender will have full access to the victim's banking account and all that is included in it. As this example shows, the sender uses words that induce panic in the recipient. "Urgent action needed" often pushes the recipient into a state where they want to handle the situation as soon as possible, which leads to worse critical thinking and judgement.

Stats Canada sent out the Canadian Survey of Cyber Security and Cyber Crime and found that one in six businesses were impacted by cyber security incidents in 2023, that the money spent on recovering from cyber attacks reached 1.2 billion dollars, which had doubled since 2019, and that the amount spent on preventative measures increased from 9.7 billion to 11 billion since 2019 (Government of Canada, 2025).

This leads to the next major target of phishing attacks: corporations. The sender will target employee emails in large companies that house valuable information. The sender will research company employees in public channels like LinkedIn and begin to pose as a manager or other high-ranking member of the company. They then send phishing emails to other, usually lower-ranking, employees with orders to click the link in the email to complete a task that does not exist. The link provided will often include some form of malware that will target the company's systems and servers, or simply prompt the victim to input their log-in info, which will give the sender access to important company information.

Phishing has become so prevalent in modern society that companies have begun to crack down on these targeted attacks. However, phishing is nuanced, as it specifically targets individuals. This means that companies need to have a variety of systems in place to combat these phishing attempts. Having software on company computers that flags suspicious emails is a good start but does not completely address the human error side. Mandatory information sessions, practice drills, and general training allow employees to learn the signs of potential phishing attacks and keep private information safe.

Phishing example

Common Techniques

  1. Fake emails from banks
  2. Urgent messages
  3. Malicious links

Prevention