In today’s digital era, almost everything is carried out online. Most of the processes nowadays are digitized, from money transfer to sharing data and information, voice and video chatting, and e-signing important documents. This has also led to an exponential rise in the number of cyberattacks. Cybercriminals are continuously looking for ways to steal sensitive information and extort money. The speed and anonymity of the internet help them launch highly targeted attacks with minimal effort.
Phishing is amongst the commonly used techniques by cybercriminals to steal information. The phishing attacks that take place today are extremely difficult to spot.
In this article, we will discuss the top 15 types of phishing attacks you should know about.
So, without any further ado, let’s get started with these common types of phishing attacks.
Phishing is basically the act of sending fraudulent communications that seem to appear from a reputable and trusted source. Generally, a phishing attack is made through emails. The goal of the attacker is to get access to sensitive data like credit card details and login information. They also try to install malware on the victim’s system to cause damage. A phishing attack is amongst the common types of cyber-attacks that everyone should know about to protect themselves.
Now that you know what phishing is let us have a look at some of the different types of phishing attacks that happen around us.
Vishing refers to the phishing attack that is done through phone calls. The term vishing is devised using two terms – phishing + voice = vishing. With the enormous amount of data available on social media, phishers can communicate confidentially over a call in the name of your near and dear ones without any suspicion.
In September 2019, Infosecurity Magazine reported the launch of a vishing campaign to gain access to passwords of UK MPs and parliamentary staffers. To stay safe from vishing attacks, users must not answer calls from unknown phone numbers and should never disclose personal data over the phone.
65% of the attackers use spear-phishing as the primary infection vector. Spear phishing attack attempts can be disguised as email attacks done by a foe pretending to be your friend. Before targeting the victim, the attackers collect detailed information about them, such as their name, position in the company, contact details, etc. Fraudsters insert fake URLs and email links in the mail and ask for private information from the victim. They trick the victim into believing that the email has been sent from a trustworthy source.
Did you know more than 58% of the phishing websites are not served via HTTPS? Cybercriminals opt for this type of phishing attack, whereby the sender puts a legitimate-looking link in the email. Generally, there is no other content in the email except for the link. They trick the recipient into clicking the link or pasting it into their web browsers. For instance, they may make the email look as if sent from the recipient’s boss, co-worker, or the CEO.
Email is the most loved choice for most of the cyber attackers ever since phishing existed. They mimic a famous brand and reach out to people to help them resolve an issue. The authentic-looking communication asks you to enter a password or other account-related sensitive information. In addition to that, these mails also contain malicious attachments that try to insert malware into your device.
The whaling attackers generally target the senior executives of an organization. However, the ultimate goal of a whaling attack is just the same as any other kind of phishing attack – to steal sensitive data. Since the attackers target the senior executives, fake links and malicious URLs cannot be used here. Therefore, the phishers include bogus tax returns in their mails to target the officials.
In clone phishing, the attacker creates an identical replica of a legitimate message to fool the receiver into believing that it is real. The sender replaces the original link in the mail with a malicious one. For instance, he may add lines such as resending the original or an updated version. The victim will fall into the trap of why he received the same message again.
Social engineering basically represents the scenarios where the attackers try to gain your trust for stealing credentials and other valuable information. The phisher attempts to manipulate you psychologically, or even try to establish a real-world relationship over time. This type of attack often is a result of the victim developing the trust of the attacker. In today’s era, one should be extremely careful of such phishing types.
In deceptive phishing, the attacker poses as a legitimate company and tries to convince the victims that they are already under cyber threat. The attackers use popular brands such as Amazon and PayPal to target the people. Although some of these attempts are not convincing, the general population can be easily fooled into clicking on a savory link. Attackers also try to instill a false sense of urgency and scare the users into acting rashly.
Smishing is a form of cyberattack, among different types of phishing attacks, where the attackers use SMS to target the victims. The cybercriminals try to trick individuals into extracting personal and sensitive data such as account details, credit card details, or usernames and passwords. In Smishing, an attacker sends a fraud text message to an individual’s phone number. The text message includes a CTA (call to action) link that prompts the user to respond immediately.
A man-in-the-middle attack has an eavesdropper who is continuously monitoring the correspondence between two unsuspecting parties. Such sorts of attacks are generally executed by creating a phony public Wi-Fi network at public places such as coffee shops, shopping malls, and other such places. After the person joins the network, the middle man can phish all the information or even push malware onto the devices of the users.
In domain spoofing, the attacks make small variations in the domain and trick the user into thinking it is real. For instance, they may use gogle.com in place of google.com or instagrarm.com in place of Instagram.com. Or they may register a domain such as important-information.com and then use it to create a subdomain like https://paypal.important-information.com/, tricking the user into believing it as a PayPal URL.
Attackers use fake URLs, posts, tweets, and messages to persuade people to share sensitive information and download malware. Moreover, the attackers also use the posts that we put up on social media to customize their attacks.
In 2016, thousands of Facebook users got a notification saying that they have been mentioned in a post. After they tapped on the notification, a Trojan with malicious Google Chrome extension got downloaded on their computer. And when they logged in to Facebook using the infected browser, the attackers hijacked their accounts.
Search Engine Phishing is an emerging technique in the phishing world. The cybercriminals make websites having attractive but fake products, fake schemes, or fake offers to trick people into buying or registering. They also tie-up with fraud banks or interest-schemes to look more authentic. After a user visits their website, they ask him to enter personal details to purchase the product. All the information entered by the user goes into the hands of attacks that can cause massive damage to the victims.
Do you receive emails containing images of what you like? Then, BEWARE! You could be the next target of the attackers. Cybercriminals use images and other media formats to transfer malicious files in your system. The attacker can either link the image to a harmful URL or attach a batch file (.bat) with the media.
To stay protected from online scams, you need to be very careful. Always check twice before clicking on any link that you receive via email or SMS. See if you find anything suspicious like a spelling error or an unfamiliar link. Always submit your information on the website preceded by the HTTPS prefix in the URL. Try not to share your personal data with your loved ones over the internet.
Now that you know the different phishing types being invented these days, you need to be smart enough to spot a threatening trick. If you are interested in learning more about Cyber Security, then you can check out our Master Certificate in Cyber Security (Blue Team), India’s first program on defensive cybersecurity technologies.