10 Types of Phishing Attacks and Scams | Total Security

PHISHING is a scam that consists of performing identity theft. This technique is widely used by cybercriminals to get users to carry out some kind of action.

There are a variety of phishing attacks targeting businesses; some involve the use of emails and websites; others may use text messages or even phone calls.

What is PHISHING?

1. CEO SCAM

The CEO scam occurs when a cybercriminal sends an email to a lower-level employee, usually someone who works in the accounting or finance department, posing as the CEO of the company or another executive, manager, etc. The purpose of these emails is often for your victim to transfer funds to a fake account.

2. CLONE PHISHING

The idea behind a "Clone PHISHING" attack is to take advantage of the legitimate messages the victim has already received and created a malicious version. The attack creates a virtual replica of a legitimate message and sends the message from an email address that appears legitimate. All links or attachments in the original email are exchanged for malicious ones.

3. SUPLANTATION OF DOMAIN

Domain spoofing occurs when a cybercriminal "spoofs" the domain of an organization or company to: make their emails look as if they came from the official domain, or make a fake website look like the real thing by adopting the design from the actual site and using a similar URL, or Unicode characters that look like ASCII characters.

4. EVIL TWIN (Evil Twin)

An "Evil Twin" is a form of phishing that takes advantage of Wi-Fi. TechTarget.com describes an evil twin as "a malicious wireless access point posing as a legitimate Wi-Fi access point so that the attacker can collect personal or corporate information without the knowledge of the end-user."

5. PHISHING HTTPS

The approach cybercriminals use in these attacks is to send an email with only a legitimate-looking link in the body of the email. Often there is no other content except the link itself (which can be clickable or a non-active link that requires the recipient to copy and paste the URL into their web address bar).

6. SMISHING

SMS phishing, or "smishing," is a form of phishing that takes advantage of text messages and instant communications. Have you ever received a text message from Ticketmaster? By smishing, cybercriminals can cause users to download malicious software by sending text messages that appear to come from legitimate sources and contain malicious URLs. It could be something disguised as a coupon code (20% off your next purchase) or it could be an offer to win free tickets to an upcoming show.

7. SPEAR PHISHING

A SPEAR PHISHING attack is a specific form of phishing. Unlike general phishing emails, SPEAR PHISHING targets specific people within an organization. They use social engineering tactics to tailor and personalize emails to their intended victims. Placing in the subject of the email topics of interest to the recipients to trick them into clicking the links or attachments

8. VISHING

A vishing attack occurs when a criminal calls on the phone to obtain personal or financial information. Attackers frequently use a variety of social engineering tactics to deceive you. For example, they pose as someone else: the Technical Department, your bank, or an executive from your company who claims to work at another branch, claiming that taxes are owed, or that your credit card has suspicious activity and should be closed immediately.

9. WATERING HOLE PHISHING

The goal is to infect websites so that when you or your employees visit it, your computers are automatically loaded with malware. This will provide attackers with access to your network, servers, and confidential information, such as personal and financial data.

10. WHALING

Instead of targeting lower-level people within an organization, cybercriminals target high-level executives such as CEOs, CFOs, and COOs. The goal is to trick the executive into revealing confidential information and corporate data.

Sometimes awareness is not enough to protect you from external threats. You should install total security to provide multi-level protection.