Five Types of Phishing Attacks that Reel in Victims

Phishing attacks are becoming progressively clever and easy to launch. The convenience of phishing kits available to purchase on the dark web renders it easy for cybercriminals, even with minimal technical skills, to launch phishing campaigns. The emails used to execute the phishing attacks are also carefully crafted to avoid suspicion to ensure victims open these emails. 

From the headlines, it is also clear that some phishing scams have been very successful and made international waves such as when hackers obtained access to Hillary Clinton’s campaign chair, John Podestra’s, Gmail account. Or when private photos of several celebrities were made public after, what was thought to be an insecurity on Apple’s iCloud turned out to be successful phishing attacks.  In 2016, employees of the University of Kansas also fell victim to phishing when they responded to a phishing email and handed over access to their paycheck deposit information.

In a previous post, we have highlighted what is phishing and how it works. Below we will detail five types of phishing attacks that people fall victim to.

  1. Vishing

This form of phishing occurs via phone calls and instead of emails, voice is being used to execute a vishing attack.

  1. Smishing

Also known as SMS phishing, this is one of the easiest types of phishing attacks where the victim is targeted using SMS alerts. Smishing victims will usually receive a fake direct message or fake disruptive event message with a cancellation link. This link redirects to a fake page designed specifically to collect personal and sensitive details.

  1. Search Engine Phishing

This type of phishing entails creating a fake webpage that targets specific keywords and then waits for victims to land on this fake page. Once the victim clicks on the page link, he or she is hooked.

  1. Spear phishing

In contrast to traditional phishing that relies on bulk emails being sent to millions of users, this form of phishing is targeted in nature. The emails used to execute this attack are carefully drafted to target a particular type of user after thorough research of the potential target has been conducted through their social media and business profiles. It is used on both individuals and businesses.

  1. Whaling

This is the big one, no pun intended. Whaling is similar to spear phishing but the targeted group is even more specific and refined. It targets, for example, CEOs, CFOs or COOs (in other words senior management) and industries such as technology, banking, and healthcare as they are considered the big players in the information chain of any organization.

Phishing, it seems, is here to stay and we have to educate ourselves to avoid becoming part of the statistics. Stage2Data partners with Heimdal Security to offer robust, multi-layered security products to combat next-gen malware, ransomware and other enterprise threats. For more information, please get in touch.