Seven types of Phishing
1. Email Phishing
Traditional phishing attacks are usually conducted by sending a generic malicious email to as many people as possible. To fool, trick or attack the victims, the phishing email usually appears to come from a trusted source. For example, a bank or someone the victims may know. The phishing message will often try to lure the victims into opening an infected attachment, or into clicking on a link that will take them to a malicious website. The attacker will then attempt to infect and take control over the victims’ computers or to harvest their usernames and passwords.
2. Spear Phishing
This is a phishing attack highly targeted where the message will be sent only to one person or a few, carefully selected individuals. The overall goal of the attack will determine who gets selected as intended victims. Typical goals are accessing highly confidential information or corporate business secrets. Before crafting the message, the attacker will try to build a profile on the victims’ life, work and interests. This will be used to create a highly customized message that will come across as credible and relevant to the victim. In addition, the attacker might gather information about the victims’ friends and colleagues, in order to make the email appear like it is sent from one of them. Because spear phishing attacks are highly targeted and customized, they are far more likely to succeed than traditional phishing attacks.
We recommend that you also read our post Understand the Difference between Phishing and Spear Phishing.
3. Whale phishing or CEO fraud
This is a kind of spear phishing attack where hackers target executives and high profile end users in the companies. Personalization and detailed knowledge of the executive and the business are the hallmarks of this type of fraud. In this case, the spoofed email sent by the scammer appears to come from a higher level manager. The goal is to steal money, for example through unauthorized wire transfers, obtain confidential information as tax information, or gain access to the victim computer systems for criminal purposes.
4. Angler phishing
This threat uses social media to attack its victims. Cybercriminals take advantage of the increasing use of social media as a platform of communication between companies and their customers. Fake corporate social media accounts are created by cybercriminals. When a customer contacts a company through one of these fake accounts, the attackers convince the customer to submit sensitive data or to follow specific steps to be redirected to phishing websites where fraud occurs.
Vishing is a combination of ‘voice’ and ‘phishing’. This is a phishing attack where a phone call takes place. The scammer impersonates a known company or organization, for example a bank, the tax agency, a coronavirus track-and-trace service, a telecommunication company, etc. Its goal is collect sensitive information such as account numbers and passwords. Then, that information will be used for some type of identity fraud, or to steal money directly from a bank account.
Smishing is a combination of ‘SMS message’ and ‘phishing’. This is a phishing attack where a victim receives a simple text message in the phone. This message can include a link that takes the victim to a page controlled by hackers, where they will try to steal information. Other options are that the text message asks the victim to call a telephone number with a special rate, or respond to a text message confirming the victim’s credentials.
QRishing is a combination of ‘QR Code’ and ‘phishing’. QR codes are very present in our daily life. Simply by approaching a mobile device with a camera, we can access pages and services without typing anything. The problem comes when that QR code is maliciously modified. By bringing the mobile device closer and reading that code, it redirects the victims to a fake website that puts their security at risk.
If you liked this topic, do not miss our next post Phishing: What Do You Need to Know? – Part 2. We will give you some tips for avoiding phishing and also some recommendations about what to do if you have been scammed.