19. Phishing
Perhaps the most well-known, and most underestimated, attack is called phishing. This is a technique used to get you to unexpectedly hand over your login credentials.
To pull this off, hackers set up a website with a login page asking for your username and password. Then they send an email with a link to that site. Of course, they won’t be like “hey, here’s a link, click it and give us your password.” Instead, they will make the email compelling and seem legitimate.
An example might be an email that looks like it’s from Apple. It will say something like “thank you for your subscription to Spotify. Your card will be charged $99 annually starting today. Click here to manage your subscription.”
Now, I don’t know about you, but if I thought I’d accidentally signed up for something that costs $99 per year, I’d probably want to cancel it. And that’s the point. In the moment, you might be tempted to click the link; after all, it looks real. But when you do, one of two things will likely happen: First, you may inadvertently download a malicious program known as a virus or malware. Second, you will be redirected to their phishing site. Maybe even both.
Once at the site, you are asked to log in to manage your subscriptions. When you “log in,” you’ve successfully handed over your username and password. The site may even redirect you to the actual page, so you never notice.
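A defender's view of the email described above, as an added example that is not part of the original text: the code pulls every link out of an HTML email body and flags any that does not lead to the brand the message claims to come from. The trusted-domain list, the function names and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the claimed sender (Apple, in the example above) links to.
TRUSTED = {"apple.com"}


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")


def is_trusted(host):
    # Exact match or a true subdomain only, so a lookalike such as
    # "apple.com.billing-manage.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def suspicious_links(html_body):
    """Return (href, reason) for each link that fails the checks."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        if parts.scheme != "https":
            findings.append((href, "not https"))
        # .hostname ignores any "user@" prefix, so "apple.com@host" is
        # judged by the host the browser would really contact.
        elif not is_trusted(parts.hostname):
            findings.append((href, "host is not the claimed sender's domain"))
    return findings


# Constructed sample modelled on the email described above.
SAMPLE = """<p>Thank you for your subscription to Spotify. Your card will be
charged $99 annually starting today.</p>
<a href="https://apple.com.billing-manage.example/login">Click here to manage your subscription</a>
<a href="https://support.apple.com/billing">Apple Support</a>"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE):
        print(f"{href}: {reason}")
```

The same comparison is what you do by eye when you hover over a link before clicking: read the host name from right to left and check that it ends in the real company's domain.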