Phishing is a process with several steps. The objective of phishing is to persuade a business staff member to
unknowingly install software on his or her computer. The software that is installed is called a Trojan virus and
enables to criminal to have access to the computer without the user knowing, and also bypassing security measures
such as firewalls.
The criminal sends emails, called phishing messages, to the staff that impersonate an entity that the user will
recognize, a bank, a company like Amazon or PayPal, or the company that the person works for. Staff business and
personal email addresses are obtained from the company website of a search through social media at site such as LinkedIn.
The message informs the user about some problem, with an account, with a purchase, etc. and urges the person to solve the
problem quickly by clicking on a link. Clicking the link will install the Trojan virus. Next the criminal gets to work
accessing the business data on the server.