Phishing is one of the oldest and most flexible types of social engineering attacks. It is used in many ways, and for different purposes, to lure unwary users to fake sites and trick them into entering personal information.
The latter often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts.
In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised. This makes phishing a popular initial infection method.
According to Kaspersky, phishing attacks are becoming increasingly more targeted. A number of new tricks have also been found – from HR dismissal emails to attacks disguised as delivery notifications.
As a result of such tendencies, security solutions have detected 2,023,501 phishing attacks in South Africa, Kenya, Egypt, Nigeria, Rwanda, and Ethiopia.