“Phishing” is an attempt to acquire sensitive information from an individual by masquerading as a trusted entity. The term refers to the specific content of an electronic communication which is the “bait”.
There are many different types of information that a sender may try to obtain:
- Usernames and passwords, to Vassar resources or external sites, such as banks
- Credit card information
- Social security number, driver’s license, or other identifying information
- Mailing address and phone number
The content of a phishing message could contain any of the following:
- A URL, or link, for a website that downloads and installs malware or viruses
- A URL, or link, for a website that asks a user to fill in sensitive information, as listed above
- An attachment in PDF, docx, or other common format that when downloaded will install malware or a virus
Why is this different from spam?
Spam is an electronic communication specifically designed to draw people to a site that sells services. It is a digital version of telemarketing. Although spam can be annoying, there is usually no harmful content in the message. Phishing is a direct attempt to obtain information, whereas spam is an attempt to draw people to a valid, if unsavory, online consumer site.