Phishing is a very dangerous type of cyber attack and with every passing day, the number of phishing attacks is rising. Phishing is the gateway that leads to many types of cyberattacks including ransomware, malware, identity, theft, credentials compromise, etc. Since Phishing is on the rise, you should be aware of different types of phishing so you can defend yourself better against them. So, let’s have a look at different types of phishing attacks:
Spear Phishing is a very common type of phishing in which the cybercriminals use gathered information about the target to create a convincing message in which the victim would easily be trapped. Usually, this information is obtained from the deep/dark web. More than 90% of the attacks that target enterprise networks consist of spear-phishing because information regarding huge enterprise networks is readily available on the dark web.
Whale Phishing is a type of spear phishing that involves targeting the bigger prey, which are called whales. Usually, the cyber attackers target the executives of the companies and try to trap them in such a way that they are able to score an executive password which will give them an easy entry into the network of the business.
Whaling attacks involve the cybercriminals impersonating a trusted source linked to the executive’s company and making them fall for the scam. These attacks usually target high privileged accounts that will be beneficial to the attackers like administrator accounts.
Smishing is phishing done through text messages. The scammers send a text message impersonating someone. Such attacks became very popular during the COVID lockdown period where the cybercriminals thought of this as a way to gain access to private and sensitive information including their financial and banking information. The cyber attackers knew the fact that during this time period people will be spending time at their homes on their phones mostly playing games like Solitaire, Crosswords, Chess, or Klondike Solitaire to pass their time and what better time to scam them than this.
Vishing is phishing with voice messages and voice calls. Just like smishing, fishing became popular during the COVID times. Vishing was on such a rise that it led to the FBI eliciting a warning. During Vishing, the cyber attackers try to impersonate a bank or any other company and trick the victims into giving them sensitive information.
Angler Phishing is a relatively new phishing strategy that attackers use to gain access to the victims’ social media accounts. In this type of phishing, the scammers use notification emails to lure the victims into providing them with information regarding their social accounts along with their login credentials.
There are different types of strategies used in Angler Phishing by which the scammers trick their targets. It can involve fake job ads to gather company data, spam social media emails, creating a dummy social account, and then making connections with people to authenticate their account after which they can send out phishing messages to their targets.
Angler Phishing saw a huge surge in 2020, with up to 40% of social media scams occurring this way. Most of the angler phishing emails use the name of a top social media platform and the same was the case in 2020 where cyber scammers were using the names of social platforms such as LinkedIn, Facebook, Twitter, in their emails to trick the target users into giving them personal information along with account credentials.
This is a very effective and trending type of phishing in which the scammers impersonate a brand account and trick the users into thinking that this is a legitimate account. Currently, brand impersonation attacks are on the rise and cybercriminals carefully imitate top brands in such a way that the target would trust them and consider that account legitimate.
For instance, if the scammers are targeting a business then the scammers would impersonate a technology firm, service provider, distributor, or any other similar company that would communicate with the business.
As far as average users are concerned, then brand impersonation usually involves brands like Microsoft, Amazon, Google, Chase, etc. Usually, the scam involves Amazon in which the scammers let the target users know that they have won a gift card or something while in the case of Microsoft, the victim is usually tricked into thinking that his/her PC is infected by a virus or malware that needs to be fixed immediately.
Business email compromise
Business Email Compromise is a multifaceted cybercrime that starts with a phishing attack. The attackers use phishing techniques to gain a password for a corporate account and using that corporate, the attackers impersonate that company’s owner and try to defraud other companies and businesses of their cash and sensitive information.
Other articles from mtltimes.ca – totimes.ca – otttimes.ca