The internet is a great tool for people and businesses to use as they connect with the world and look up information. However, this online world has opened people up to various online threats including scammers, hackers, catfishers, and more. One of the most common online dangers that’s continuing to grow is phishing. Continue on to learn more about phishing scams, the types of phishing, and more.
What Is Phishing?
Phishing is a crime that often occurs online in which someone attempts to get another person to complete a specific action. These attacks often target unsuspecting victims via social media, email, text message, phone calls, and other communication mediums. Phishers will disguise themselves as legitimate people, professionals, or businesses to persuade you more easily to provide your personal information, click on a link, and more.
So, why do phishers do this? Well, they are usually financially motivated and looking for an easy way to steal your money. Otherwise, they are looking for you to provide your sensitive data like full name, DOB, social security number, account login information, and more. This information can be used by phishers and other online criminals to commit data breaches, identity theft, fraud, hacking, or sell your information to third-parties.
Types Of Phishing Attacks
Email phishing takes place when phishers send messages to your email address asking you to provide information. They will often pretend to be representing a legitimate company and have a professional-looking email. When victims see an email of this nature, they often believe that it’s a real opportunity. Usually, the phisher will offer you something or explain a golden opportunity, but you must provide them with some information first.
Phishing emails aren’t always similar to the above scenario. They may appear as spam messages to your email account. Most phishing scams occur via email versus other communication methods.
Spear phishing is a specific form of email phishing. Unlike email phishing, spear phishing is used to target specific people within an organization. They use social engineering tactics to customize their email to each of their targets. These phishers will use intriguing and persuasive subject lines to get the target to open the email. Once the email is opened, the phishers will attempt to install malware on your business device or obtain your sensitive information.
Whaling is just like spear phishing, but it targets high-level company employees like CEOs, CFOs, and COOs. These phishers are looking to obtain business data and information from the target. In messages sent to targets, their name, job title, and other details are included to make them think it’s a legitimate communication. Information that is included in the email is often found by phishers on Google, social media, and other online profiles.
CEO fraud, often referred to as business email compromise, is when phishers send low-level employees a message while pretending to be the company’s CEO or another high-level ranking employee. The goal is to get the employee to provide confidential business information on customers, employees, or financial accounts. They may also ask the target to do a wire transfer to a “business” bank account.
Smishing is basically the same as email phishing, but via text messages. Phone users constantly check their phone for texts from friends, family, stores, etc. Smishing criminals take advantage of this fact and pretend to be legitimate sources. Often, they will pretend to be a store or company offering a discount, giveaway, etc, but you need to text them your information or click on the link included. If links are sent, they are usually malicious urls that contain malware used to infect the target’s device.
Vishing, also known as voice phishing, is phishing phone calls. These criminals call their targets using various tactics to get them to provide their personal and financial information. Some things the may say include:
- Your cell phone bill is overdue.
- We have an amazing special for you!
- We are from your bank and noticed an issue.
- We are calling regarding your (X) account.
This tactic is a little weird, but apparently people fall for it. In the email body is only a link to a site that looks legitimate (has https at the beginning of the URL). The phisher will use techniques such as a personalized subject line and sending from a legitimate email address to get you to open the email and click on the link.
Watering Hole Attack
This type of phishing is less commonly used, but is effective. To choose their target, they find popular businesses that will likely have valuable data. Then, they will decide what websites their employees are likely to visit that they can compromise. Once the criminal has accessed the third-party websites, they will target the business’s employees and send them a link to the compromised website. If/when they click on it, their business device will be infected with malware and the criminals can obtain the data from the device. This malware then spreads to other devices within the network and business.
Those are just some of the many types of phishing attacks all people, especially businesses, should be aware of. Make sure to take the necessary precautions like taking a second glance at email, doing further research, and being careful what links you click on.
Recent Post: 10 Types of Online Scams To Avoid