Phishing
Overview
Phishing is a type of cyber attack that impersonates trusted institutions or individuals to steal users' personal information (passwords, credit card numbers, account details, etc.) via email, text messages, phone calls, or fake websites. A portmanteau of 'Password' and 'Fishing,' it first emerged in the mid-1990s and has continuously evolved, becoming a serious global security threat. Phishing differs from technical hacking in that it exploits human psychological vulnerabilities through social engineering techniques and is also used as an entry point for secondary attacks such as ransomware or business email compromise (BEC).
Main Content
Types of Phishing
- Email Phishing: The most traditional form, involving mass emails impersonating banks, government agencies, or large IT companies to lure users to fake login pages. Recently, spoofing techniques that forge sender addresses or use domains similar to official ones are common.
- Smishing: Phishing using SMS text messages, enticing users to click links disguised as parcel delivery, COVID-19 vaccination, or financial fraud alerts. It spreads rapidly in mobile environments and often induces the installation of malicious apps.
- Vishing: Phishing via phone calls, impersonating financial institution employees, police, or prosecutors to demand account transfers or personal information. Recently, cases using AI voice synthesis technology to clone the voices of acquaintances or superiors have been reported.
- Spear Phishing: A sophisticated attack targeting specific individuals or organizations, where attackers pre-research targets' SNS, company websites, or news to craft personalized messages. CEO impersonation emails (BEC) are a prime example.
- Whaling: A subtype of spear phishing targeting high-ranking executives or celebrities, aiming for large financial gains or theft of confidential information.
- Clone Phishing: A technique that replicates a legitimate email previously received by the user, replacing only the links or attachments with malicious ones before resending.
Typical Process of a Phishing Attack
1. Information Gathering: Attackers collect logos, phrases, email formats from target organizations, or obtain personal information via SNS or data breaches.
2. Crafting Impersonation Messages: Using collected information, they create emails or texts that appear to come from a trusted sender. Content often induces urgency (account suspension, security alert) or curiosity (prize, giveaway).
3. Luring and Click Induction: They include fake links or malicious attachments to prompt user clicks. Links use lookalike domains (e.g., go0gle.com) or URL shortening services.
4. Information Theft: Credentials entered on fake login pages are collected, or malware is installed to extract additional information.
5. Secondary Attacks: Stolen information is used for financial fraud, account takeover, ransomware distribution, or further phishing attacks.
Damage Cases and Impact
- Financial Loss: According to the FBI's Internet Crime Complaint Center (IC3), phishing-related losses in the U.S. alone exceeded $10 billion in 2023. Domestically, voice phishing damages amount to hundreds of billions of won annually.
- Data Breach: For companies, leakage of customer databases, intellectual property, or trade secrets leads to massive reputational damage and legal liability.
- Ransomware Infection: Ransomware distributed via phishing emails accounts for over 70% of all ransomware infections in 2024, making it a primary vector.
- Political and Social Impact: During election periods, phishing attacks impersonating politicians or parties can lead to public opinion manipulation or internal document leaks.
Prevention and Response Methods
- Individual Level: Avoid clicking links in suspicious emails or texts, verify sender addresses and domains, enable two-factor authentication (2FA), regularly change passwords, and install and update antivirus software.
- Organizational Level: Conduct regular security training and simulated phishing exercises, deploy email filtering and spam blocking solutions, implement email authentication protocols like DMARC/DKIM/SPF, establish intrusion detection systems (IDS), and develop incident response plans.
- Technical Measures: AI-based phishing detection systems, URL reputation analysis, behavior-based analysis, and sandbox technology for attachment inspection.
- Reporting and Response: In case of phishing damage, immediately contact the relevant institution (bank, card company) to freeze accounts, report to the Financial Supervisory Service or the National Police Agency's Cyber Bureau, change passwords, and perform account recovery procedures.
Latest Trends
In 2024–2025, phishing attacks are becoming more sophisticated due to advances in generative AI. AI-generated emails with perfect grammar, personalized messages, and deepfake voice and video used in vishing are rendering traditional detection methods based on grammatical errors or awkward expressions ineffective. Additionally, 'Quishing' using QR codes is surging, with everyday QR codes like restaurant menus or parking notices leading to malicious sites. Phishing targeting cloud services and SaaS platforms is also on the rise, with frequent attempts to hijack Microsoft 365 and Google Workspace accounts. In response, the security industry is accelerating the adoption of AI-based real-time detection, behavior analysis, and zero-trust architecture, while international cooperation to block phishing sites and dismantle criminal organizations is actively underway.
Related Topics
- [[Ransomware]]
- [[Social Engineering]]
- [[Cyber Security]]
- [[Business Email Compromise]]
- [[Deepfake]]
- [[Two-Factor Authentication]]
---
AI auto-generated document · Improved by the community