Phishing is a tactic that cybercriminals use to attempt to lure you into clicking a link or opening an attachment with the goal of obtaining sensitive data, stealing money, or installing malware. These attacks are becoming more sophisticated than ever and often are sent via email, embedded on websites, or even sent via text messages. The communication often looks like it is coming from a legitimate source (e.g. your financial institution, a social network, the IRS, or similar). Spear Phishing is a targeted approach that attacks a specific identified user. Often in this methodology, the cybercriminal will create a fake email that looks almost identical to a normal email you may receive from a co-worker, customer, or vendor. It can be very difficult to identify the difference between a real email or a malicious one.
Defendify Tip: Always be on the lookout for emails with typos and poor grammar, unexpected messages insisting urgent action, or requests that you click a link to open an attachment, enter your credentials, or make a payment.