Even if we started off with a joke, phishing is a serious threat to both businesses and individuals around the globe. One of the oldest and most widespread “tricks in the book”, this scamming method aims to get access to sensitive personal information.
Before starting your read, assess your current online habits when dealing with scams.
What differentiates phishing from other types of cyberattacks is the message used as a hook. Attackers impersonate well-known business entities or people in order to trick their victims. Without vigilance and support from IT professionals, all of us are at risk. In business, trust is never a given – it’s earned. The same applies to phishing attempts: don’t take any form of communication for granted, because scams are becoming more and more sophisticated and personalized.
There are different kinds of phishing scams that have been developed throughout the years. Because they multiply so easily, it is very difficult to estimate the types and number of scams, but we can start with a brief categorization based on the purpose, target and means of the attack.
Handover of sensitive information happens when hackers try to breach a system or an account using tailored emails that claim to come from different entities, like banks. Victims are encouraged to click on a link that redirects them to a copy of the genuine website, where they are asked to log in with their credentials. Once the form is filled in, the personal data is automatically sent to the hackers.
Malware downloading scams work by using soft-targeted emails with ZIP files or Microsoft Office documents that contain malicious code as attachments. The hackers’ goal is to infect the victim’s computer with malware and thereby gain access to their files and personal information.
Spear phishing happens when attackers find their targets online and use spoofed addresses to send messages crafted to appeal to those specific individuals. Examples include emails from “co-workers” requesting large amounts of money through an urgent bank transfer.
Whaling is a specific type of spear phishing aimed at a high-value target, usually people in top positions in companies, like board members or shareholders.
Deepfake technology uses the latest innovations in artificial intelligence and deep learning in order to develop fake or altered audio content meant to scam users by phone. The victims are asked to dial a specific number in order to receive identifiable bank account details or to share personal information over the phone.
SIM swapping is a tactic that avoids the 2-factor authentication security layer by tricking the user into supplying the one-time passcode sent to them via text message. Once the hacker has the code, they go on to port the victim’s phone number to their own SIM, allowing them to receive all of the victim’s SMS messages and voice calls.
Search engine phishing involves manipulating browsers into showing malicious results. Once the user accesses the infected website and enters personal information, their data is collected by hackers.
Moreover, hackers can infiltrate real business email threads by exploiting previously compromised credentials. This lets them insert themselves into personal or business conversations disguised as one of the group. This is called a conversation-hijacking attack.
Knowing the different types of phishing scams can help everyone spot them easily and therefore stop acting out of fear or uncertainty when threats arise in day-to-day situations. Education is the first step towards safe habits online and offline.
Stay connected to Penta on LinkedIn, Facebook and Twitter and be the first to check out the next chapters of the Phishing Guide. Explore cybersecurity dynamics and real examples of phishing scams handpicked by our security experts during the pandemic. See how hackers are taking each opportunity to create contextualized scams to steal personal data and learn how to protect yourself in the following chapter. Your complete IT powerhouse has got your back!