Phishing is an example of social engineering when hackers masquerade as a trusted entity and send digital messages, such as emails or texts, to manipulate individuals into helping them gain illegal access. These messages ask for secure information (like a password), or they have links that automatically install malware. The malicious programs can find and transmit sensitive data within your computer or incapacitate the entire network.
Cybercriminals will typically pretend to be reputable entities, such as well-known companies, so that you do not think twice before opening the link or entering your password. For example, a hacker might pretend to be from PayPal or Microsoft, and they may include official logos and other identifying marks on the email to make it seem legitimate.
You can spot phishing emails because they often have odd or lengthy email addresses or links to misspelled domain names. Knowing this can help protect you or your organization from this security risk.
As its name suggests, a password attack is when hackers steal a password to gain access to an individual’s or organization’s computer systems and information. Hackers will often exploit legal means to gain unauthorized system access. For example, they may try recovering a user’s forgotten password. Usually, however, they steal passwords via phishing emails that request a victim log in or change their password using a spoofed “official” site. Some password thieves rely on malware with keystroke tracking.