Phishing comes in a multitude of forms and that means it is more important than ever to be vigilant online. With so many different types of attack, it can be hard to spot them all. This guide will help you to understand some of the more common types of phishing attacks and how to avoid them.
What is phishing?
Phishing is defined as an attempt to gain sensitive information through fraudulent means. It is done in such a way that you might never notice it because the electronic means used for phishing can often make you trust the request for information. Your usernames, passwords, and credit card details are the most common targets for phishing attacks.
The number of phishing reports per year went over 1 billion in 2015. This is a growing problem and a serious one, so it is important to know how to defend yourself against it.
What are the different types of phishing attacks?
Some of the different types of phishing attack may seem familiar to you, while others might be a bit less obvious. One by one, we will detail what each type entails and how to spot them.
Spear phishing
Spear phishing is very precise and is tailored to the individual target. This makes it very dangerous. And with 91% of cyber attacks starting with a spear phishing email, it’s the preferred method of phishing attack for hackers. Rather than going after several different targets, the attacker will use information gleaned about a target to make their request for information seem as natural and believable as possible. For example, they might target a company manager by emailing about a conference they attended recently and attaching a document purporting to be about the event – as has happened in previous successful attacks. This document would then contain malicious code to steal information from the target.
Whaling
Whaling is similar to spear phishing, but it has a bigger target: company executives. They are specifically targeted by attackers because they have access to more data and financial accounts than lower-level employees. This kind of attack is all about getting as much money and data as possible from a single hit.
Clone / Deceptive phishing
You receive an email from a well-known online brand – for example, eBay. The email includes the company logo and looks just like one you would normally receive from them. Even the email address is similar enough to pass for the real thing. You are asked to click a link and verify your identity, and it takes you to the eBay site, so you log in. The problem is, it wasn’t the real site – and you just gave your password to a phisher. Always check the email and URL before entering login details.
CEO fraud
Pretending to be a CEO or other high-ranking company executive can help to fool some employees. They are told to email sensitive information to their boss – so why wouldn’t they?
The FBI estimates that organizations that fall victim to CEO fraud lose on average $25,000 - $75,000; however, many have lost millions. Mattel lost $3 million in 2015 because of a CEO fraud phishing scam.
It’s always important to check the email address and be sure of the veracity of the request before attaching anything that should not be shared outside of the company.
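The address and URL checks advised in the clone phishing and CEO fraud sections can be partly automated. The sketch below is an added example, not code from the original article: it assumes `ebay.com` is the only trusted domain, and the function names and sample messages are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains this mailbox really receives the brand's mail from.
TRUSTED = {"ebay.com"}

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a sender or link host."""
    host = (host or "").lower().rstrip(".")
    # Trusted only on an exact match or a true subdomain (note the leading dot).
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        for label in host.split("."):
            # Brand used as a label or hyphenated word, or a near-miss spelling.
            if brand in label.split("-") or edit_distance(label.replace("-", ""), brand) <= 1:
                return "lookalike"
    return "unknown"

def check_message(from_header, link):
    """Classify the From address and the link target; both must be trusted."""
    sender_host = parseaddr(from_header)[1].rpartition("@")[2]
    link_host = urlsplit(link).hostname  # the part after any 'user@' in the URL
    result = {"sender": classify_host(sender_host), "link": classify_host(link_host)}
    result["verified"] = result["sender"] == result["link"] == "trusted"
    return result

if __name__ == "__main__":
    # Constructed samples, not real messages.
    samples = [
        ("eBay <support@reply.ebay.com>", "https://signin.ebay.com/verify"),
        ("eBay <support@ebay-verify.example>", "https://ebay.com.signin.example/login"),
        ("eBay <support@ebaay.example>", "https://ebay.com@login.example/verify"),
    ]
    for sender, link in samples:
        print(sender, link, check_message(sender, link))
```

With a brand name this short, the one-edit threshold can also flag unrelated hosts, so a "lookalike" result is a prompt for manual verification rather than proof of phishing.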
Armed with this knowledge, you will be better equipped to avoid phishing attacks in the future. Just remember that it is important to be sure before entering or sending sensitive information – and you should avoid clicking links or opening attachments if you can’t verify the sender. This will keep you safe if you have your wits about you.
Graphus provides immediate protection and peace of mind for cloud application users by automatically eliminating social engineering – phishing, email scams, and malware attacks. The simple, powerful, and automated Graphus solution employs artificial intelligence to establish a Trust Graph™ between people, devices, and networks to reveal untrusted communication and detect threats.