Types of Phishing – Phishing is a type of cybercrime in which criminals act as trusted sources on the Internet to trick victims into providing personal information such as usernames, passwords, or credit card numbers.
Phishingattacks can take many forms. Although usually carried out via email, scammers use many different methods to implement their plans, especially as phishing develops and becomes more complex and widespread today. Fraud is always about stealing personal information, and you should be aware of many different types of phishing.
Types of phishing
1. Email phishing
Probably the most common type of phishing, this method usually involves “spray and pray” techniques, where hackers impersonate legitimate individuals or organizations and send large amounts of e-mail to as many addresses as possible. Types of Phishing
These emails are usually written urgently to let the recipient know that their personal account has been hacked and they need to take immediate action. Their goal is to inspire specific behaviors of the victim, such as clicking a malicious link that leads to forgery. Log in. Unfortunately, after entering their access data, the victim gave their personal data directly to the fraudster. Types of Phishing
A real-life example of email phishing
Daily Swig reported that in December 2020, American healthcare provider Elara Caring was attacked by a phishing attack after two unauthorized employees were hacked. The attackers gained access to employee email accounts and leaked the personal information of more than 100,000 elderly patients, including names, dates of birth, financial and banking details, social security numbers, phone numbers, driving licenses, and insurance information. Before Elara Caring was able to completely locate the data breach, the attacker had access to it without authorization for a week. Types of Phishing
2. Spear phishing attack
Spear phishing does not use the aforementioned “spray betting” method but involves sending malicious emails to specific people in the organization. This method is not to send a large number of emails to thousands of recipients but to target specific employees of a specially selected company. Emails tend to be more personalized to convince victims that they are related to the sender. Types of Phishing
A Real-Life Example of spear phishing
Armorblox reported a targeted phishing attack in September 2019 against an executive of the world’s top 50 innovative companies. The email contained an attachment that appeared to be an internal financial statement and asked an executive to open a fake Microsoft Office. 365 login page. The CEO’s name has been entered on the fake login page, which further increases the blocking of fraudulent websites. Types of Phishing
3. Clone phishing
If you have ever received a legitimate email from a company but received the same message shortly afterward, then you have seen phishing clone activity. This phishing technique works by making a malicious copy of the email you recently received and forwarded from a seemingly trusted source. Any links or attachments in the original email will be replaced with malicious links. Due to problems with the link or attachment in the previous email, attackers often use excuses to forward the email. Types of Phishing
A real-life example of a clone phishing
A security researcher demonstrated the possibility of visiting a fake website via an email link, which appears to display the correct URL in the browser window, but misleads users by using characters that are very similar to legitimate domain names. Enter the URL yourself, and never click on a link in an accidental email (even if it looks legitimate).
Evil Twins phishing creates a seemingly legitimate Wi-Fi network, and when the victim connects to the phishing site, the network actually lures them to the phishing site. Once they enter the website, they are usually asked to enter their personal details, such as B. Credentials. Then directly to the hacker. With this data, hackers can break into the network, control it, monitor unencrypted traffic, and find ways to steal sensitive information and data. Types of Phishing
A real-life example of evil twin phishing
In September 2020, Nextgov reported a data breach in the internal system of the UN Ministry of the Interior. Hackers use malicious phishing clones to steal unique credentials and access the organization’s Wi-Fi network. Secure wireless infrastructure and the department’s network policy cannot guarantee that the office will implement strong user authentication measures, regularly test network security, or require network monitoring to detect and manage common attacks. Types of Phishing
5. Social Media Phishing
Social media phishing is when attackers use social networks such as Facebook, Twitter, and Instagram to obtain sensitive data from victims or trick them into clicking malicious links. Hackers can create fake accounts by pretending to be someone the victim knows to start their scam. You can even imitate the support account of a well-known brand to take advantage of victims seeking help from that brand. Types of Phishing
A Real-Life Example of social media phishing
In August 2019, Fstoppers reported on a phishing campaign launched on Instagram. Scammers sent private messages to Instagram users to warn them of copyright infringements and asked them to fill out a form to avoid blocking images. Your account.
The victim received a private message from the North Face official account claiming copyright infringement and asking them to click on the link “InstagramHelpNotice.com”, a seemingly legitimate website, and users were asked to enter their credentials. You have fallen into the trap of allowing hackers to access your account information and other personal information related to your Instagram account. Types of Phishing
SMS phishing or smishing uses text messages instead of emails to perform phishing attacks. They work in the same way as email-based phishing attacks: the attacker sends a text message containing a malicious link from a seemingly legitimate source, such as a trusted company. For example, the link can be disguised as a coupon code (20% discount on the next order!) or as a discount to win concert tickets. Types of Phishing
Example of smishing
In September 2020, Tripwire reported on provocative activities used by the United States Post Office (USPS) as a disguise. The attacker sends an SMS message asking the recipient to click on a link to view important information about the USPS that is about to be installed. In fact, this led the victim to visit various websites designed to steal Google user credentials. Types of Phishing