Phishing attacks are where a user receives a message by electronic means, such as email, social media, instant messaging, or SMS text. The purpose of the message is to trick the user into disclosing information, clicking a link to a malicious website or opening a file containing malicious code. Phishing attacks are most effective when the user believes the message comes from a trusted source such as a client, a colleague, or a friend.
The key to recognizing a potential phishing message is to look for a call to action, wording designed to rush the receiver into taking action as a result of a false sense of urgency.
While anti-malware products are good at catching malicious content, user awareness and training are needed to stop attacks in their tracks.