Phishing remains one of the biggest cybersecurity threats in the world. To avoid becoming a victim, you need to be aware of the different ways phishers can try to attack you. Here are eight different types of phishing attacks you may encounter.
1. Email Phishing
This is your typical phishing email, designed to impersonate a legitimate company. It is the least sophisticated type of attack and uses the “spray and pray” method.
Attackers do not target a specific person; they often just send generic emails to millions of users in the hope that some unsuspecting victims will click the link, download the file or follow the instructions in the email.
These emails are often not as personalized, so they use general greetings like “Dear Account Holder” or “Dear Valued Member.” They also often play on panic or fear with words like “URGENT” to get users to click on the link.
2. Spear Phishing
This is a more sophisticated and advanced type of phishing that targets a specific group or even specific people. It is often used by high-profile hackers to infiltrate organizations.
Scammers conduct extensive research on individuals, their backgrounds, or the people they regularly interact with in order to create a more personal message. And because the message is more personal, users do not usually suspect that something is wrong.
Always check the email address and format of the letter against what you would normally receive from that contact. It’s also best to call the sender and verify everything before downloading an attachment or clicking on links, even if it looks like it’s from someone you know.
3. Whaling
This is another sophisticated and advanced type of phishing attack, only this one targets a specific group of people: high-profile business executives like managers or CEOs.
Sometimes the target is addressed directly in the salutation, and the message may be a citation, a legal complaint, or something that requires urgent action to avoid bankruptcy, dismissal, or legal fees.
Attackers spend a lot of time thoroughly researching the person and crafting a specialized message to target key people in an organization who would normally have access to funds or sensitive information.
The target is sent links to a convincing login page where the hackers collect the access codes or login information. Some cybercriminals also ask victims to download an attachment to supposedly view the rest of the subpoena or letter. These attachments come with malware that can access the computer.
4. Vishing
Vishing, or voice phishing, is a type of phishing in which, instead of sending an email, attackers try to obtain login information or bank details over the phone.
Attackers will pose as organization staff or service company support staff and then play on emotions to ask victims to hand over bank or credit card details.
Sometimes the message could be about an amount due, such as taxes, or about contest winnings, or it could come from a fake tech support person requesting remote access to a computer. They may also use a pre-recorded message and phone number spoofing, which makes a call from abroad appear local. This is done to lend credibility to the attack and make victims believe that the call is legitimate.
Experts advise people never to give out sensitive information like login details, Social Security numbers, or bank and credit card details over the phone. Instead, hang up and call your bank or service provider right away.
5. Smishing
Smishing is any form of phishing that involves the use of SMS or text messages. Phishers will try to trick you into clicking on a link in a text message that will take you to a fake site. You will be asked to enter sensitive information such as your credit card details. Hackers will collect this information from the site.
Sometimes they will tell you that you have won a prize or that if you do not enter your information, you will continue to be charged by the hour for a particular service. As a general rule, you should avoid replying to text messages from numbers you don’t recognize. Also, avoid clicking on links you receive in text messages, especially if you don’t know the source.
6. Angler Phishing
This relatively new phishing tactic uses social media to entice people to share sensitive information. Scammers monitor people who post about banking and other services on social media. They then pretend to be a customer service representative for that company.
Let’s say you post a rant about a late deposit or poor banking service, and the post includes the name of your bank. A cybercriminal will use this information to pretend to be from the bank and then contact you.
You will then be prompted to click on a link so you can speak to a customer service representative, and then you will be asked for information to “verify your identity.”
When you receive a message like this, it’s always best to contact customer service through secure channels like the official Twitter or Instagram pages. Normally these would have a verified account sign.
7. Phishing to CEO
This is almost like whaling. It targets CEOs and managers, but it is even more insidious: the objective is not only to obtain information from the CEO, but to impersonate him. The attacker, posing as the CEO or a similar figure, will send an email to the CEO’s colleagues requesting money via bank transfer or asking them to send confidential information immediately.
The attack is usually directed at someone within the company who is authorized to make bank transfers, such as budget holders, people in the finance department, or people who have access to sensitive information. The message is often intended to sound very urgent, so the victim won’t have time to think.
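As an added example (not part of the original article), the Python sketch below turns three warning signs described above into a triage check: the generic greetings and urgency wording of mass email phishing, and a sender whose display name matches a known contact but whose address is not the one that contact normally uses, as in spear phishing and CEO impersonation. The `KNOWN_CONTACTS` directory, the phrase lists and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a directory of contacts and the address each normally writes from.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}

# Phrases quoted in the article; extend both lists for real use.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(account holder|valued member)\b", re.I | re.M)
URGENCY = re.compile(r"\b(urgent|immediately)\b", re.I)


def body_text(msg):
    """Return the decoded text/plain parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_email):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    body = body_text(msg)
    findings = []
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting")
    if URGENCY.search(msg.get("Subject", "")) or URGENCY.search(body):
        findings.append("urgency wording")
    # Same display name as a known contact, but not that contact's usual address.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("sender address differs from known contact")
    return findings


# Constructed sample messages (not real mail).
MASS_PHISH = ("From: Support Team <support@bank.example.org>\nSubject: Account notice\n\n"
              "Dear Account Holder,\n\nYour account is locked. Click the link to restore access.\n")
CEO_FRAUD = ("From: Jane Doe <jane.doe@mail.example.net>\nSubject: URGENT: bank transfer\n\n"
             "Please send the transfer immediately. I am in a meeting and cannot talk.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\nSubject: Lunch\n\n"
         "Hi Sam, are we still on for Thursday?\n")

if __name__ == "__main__":
    for label, raw in (("mass", MASS_PHISH), ("ceo", CEO_FRAUD), ("legit", LEGIT)):
        print(label, triage(raw))
```

A finding is a reason to verify the message through another channel, not proof of phishing; a clean result does not prove the message is genuine.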
8. Phishing in search engines
This is one of the newer types of phishing attacks that uses legitimate search engines. Phishers will create a fake website that offers deals, free items and product discounts, and even fake job offers. They will then use SEO (search engine optimization) techniques to get their sites indexed by legitimate search engines.
So when you search for something, the search engine will show you results that include these fake sites. Then, you will be tricked into signing in or providing sensitive information which will then be collected by cyber criminals.
Some of these phishers are becoming adept at using advanced techniques to manipulate search engines to drive traffic to their websites.
Stay informed and stay tuned
Knowing the names of each type is not as important as understanding the MO, mode, and channel of each attack. You don’t have to be confused by what they’re all called, but it’s important to know how their messages are crafted and what channels attackers use to reach you.
It is also important to always be alert and know that there are many people who want to trick you into giving up your data. Understand that your company may become the target of an attack and criminals are looking for a way to break into your organization.
Knowing that such threats exist is the first step in avoiding any of these types of phishing attacks. It is also very important to verify the source of the message before acting.