5 phishing attacks
The most common phishing attacks are:
- Email phishing
- Spear phishing
- Smishing and vishing
1. Email phishing
The most common phishing attacks are sent by email. The main aim of the attackers is to get the login credentials of the users.
The crook will register a fake domain that mimics a genuine organization and send thousands of generic requests.
Also, they might use the organization’s name in the local part of the email address (such as [email protected]) in the hopes that the sender’s name will simply appear as ‘PayPal’ in the recipient’s inbox.
You should always check the email address of a message that asks you to click a link or download an attachment.
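One way to automate the sender check described above, as an added example that is not part of the original article: it compares a brand name found in the display name or local part with the domain the message claims to come from. The `BRAND_DOMAINS` allow-list, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Hypothetical allow-list (an assumption for this example): brand name mapped
# to the domains that brand is expected to send from.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
}

def domain_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check_from_header(from_header):
    """Return a list of findings for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    local, domain = addr.rsplit("@", 1)
    local, display = local.lower(), display.lower()
    domain = domain.lower().rstrip(".")
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if domain_allowed(domain, allowed):
            continue  # genuinely sent from the brand's own domain
        if brand in display:
            findings.append(f"display name mentions '{brand}' but domain is {domain}")
        if brand in local:
            findings.append(f"local part mentions '{brand}' but domain is {domain}")
        if brand in domain:
            findings.append(f"domain {domain} contains '{brand}' but is not allowed")
    return findings

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "PayPal <service@paypal.com>",
    "PayPal <paypal@notice-mailer.example>",
    "Support <billing@paypal.com.secure-login.example>",
    "service@mail.paypal.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        result = check_from_header(header)
        print(header, "->", result or "no findings")
```

A header that passes this check can still be spoofed, so the result is a triage signal to combine with SPF, DKIM and DMARC results rather than a verdict on its own.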
2. Spear phishing
- Spear phishing targets specific individuals instead of a wide group of people.
- Attackers often research their victims on social media and other sites. That way, they can customize their communications and appear more authentic.
- Spear phishing is often the first step used to penetrate a company’s defenses and carry out a targeted attack.
- Criminals who do this will already have some or all of the following information about the victim: their name, place of employment, job title, email address and specific information about their job role.
3. Whaling
- When attackers go after a “big fish” like a CEO, it’s called whaling. Whaling attacks are even more targeted, taking aim at senior executives.
- Scams involving bogus tax returns are an increasingly common variety of whaling.
- These attackers often spend considerable time profiling the target to find the opportune moment and means of stealing login credentials.
- Whaling is of particular concern because high-level executives are able to access a great deal of company information.
4. Smishing and vishing
- With both smishing and vishing, telephones replace emails as the method of communication.
- Smishing involves criminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation.
- A common vishing scam involves a criminal posing as a fraud investigator (either from the card company or the bank) telling the victim that their account has been breached.
- The criminal will then ask the victim to provide payment card details to verify their identity or to transfer money into a ‘secure’ account – by which they mean the criminal’s account.
5. Pharming
- Similar to phishing, pharming sends users to a fraudulent website that appears to be legitimate.
- However, in this case, victims do not even have to click a malicious link to be taken to the bogus site.
- Attackers can infect either the user’s computer or the website’s DNS server and redirect the user to a fake site even if the correct URL is typed in.