Phishing is a type of internet fraud in which criminals send legitimate-looking emails that appear to come from foreign institutes or known vendors.
The email is meant to deceive the addressee, usually the company’s CEO, accountant, or secretary, into clicking a link that leads to a fake website and entering confidential company data such as bank account numbers, passwords, codes, and birth dates.
A single click on the link or attached file is sufficient to transfer that data to malicious software.
The criminals then use the data to perform an identity scam, or they sell it to a third party.
Traditionally, phishing attacks spread indiscriminately via mass spam, aiming for large groups of people.
The goal is to deceive as many people as possible into clicking the link and downloading the malicious file. There will always be people who click the link, but as awareness rises, attackers become more sophisticated and refine their methods, which leads us to the types of phishing.
Phishing attacks come in all kinds of shapes, but they all take advantage of human behavior.
The following list of examples includes the most common attacks.
Spear phishing – An attempt to steal personal information directly, usually aimed at a specific person or organization. These attacks use the victim’s personal information to make the message appear legitimate. The criminals generally research their victim on social media sites and organization websites. Once they have a good understanding of the victim, they send customized emails with links that download the malicious software.
Vishing phishing – Phone phishing.
Of all the phishing attacks, this one involves the most human interaction, and it is meant to deceive.
Criminals create a sense of urgency to persuade the victim to expose sensitive information.
The call is usually made from a fake number that displays as identified, so that it looks like a reliable source.
The standard case is a scammer pretending to be a bank employee who warns of suspicious activity in the bank account. Once they have the victim’s trust, the criminal asks the victim to provide personal information such as access details, passwords, and PIN codes. The information is then used to withdraw money or perform an identity scam.
Whaling phishing – The thing that differentiates this category from others is the high-level target.
Attacking whales is an attempt to steal sensitive information, often of senior management.
Whaling emails are far more sophisticated than spam and much more challenging to detect.
The emails often include information customized to the organization or the target and use more corporate language. A lot of effort and thought goes into these emails, with the high-level benefit in mind.
Smishing – Phishing by impersonation that uses text messages instead of emails and aims for specific people. This is yet another useful method internet criminals use to trick people into exposing personal information such as credit card numbers, bank account numbers, usernames, and passwords.
In this method, a fraudster texts a private number, usually demanding an immediate response.
Clone phishing – Cloning the email addresses of previous legitimate correspondence so that the message looks like it came from the original sender, but contains malicious content, links, and attachments.
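A defender-side check for the clone phishing pattern described above, as an added example that is not part of the original article: it compares a new message with earlier legitimate correspondence and reports a changed sender or new link hosts when the text is a near copy. The function names, the 0.9 similarity threshold, the single-part plain-text assumption, and the sample messages are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _parts(raw):
    """Return (sender address, body with URLs masked, set of link hosts)."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: single-part plain-text message
    hosts = {h for u in URL_RE.findall(body) if (h := urlsplit(u).hostname)}
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return sender, URL_RE.sub("<url>", body), hosts

def clone_indicators(original_raw, candidate_raw, threshold=0.9):
    """Compare a new message with earlier legitimate correspondence.

    Returns a list of findings; an empty list means no clone pattern was seen.
    """
    o_from, o_text, o_hosts = _parts(original_raw)
    c_from, c_text, c_hosts = _parts(candidate_raw)
    # URLs are masked first, so a swapped link does not hide the copied text.
    if SequenceMatcher(None, o_text, c_text).ratio() < threshold:
        return []  # not a copy of the earlier message
    findings = []
    if c_from != o_from:
        findings.append(f"sender changed: {o_from} -> {c_from}")
    for host in sorted(c_hosts - o_hosts):
        findings.append(f"new link host: {host}")
    return findings

# Constructed sample messages (not real correspondence).
ORIGINAL = (
    "From: Billing <billing@vendor.example>\n"
    "To: accounts@company.example\n"
    "Subject: Invoice 1042\n\n"
    "Hello,\n\nYour invoice 1042 is ready. View it here:\n"
    "https://portal.vendor.example/invoices/1042\n\nRegards,\nBilling team\n"
)
CLONE = ORIGINAL.replace("billing@vendor.example", "billing@vendor-example.test") \
                .replace("portal.vendor.example", "portal.vendor-example.test")
UNRELATED = ("From: someone@other.example\nSubject: Lunch\n\n"
             "Are we still meeting at noon? Menu: https://cafe.example/menu\n")

if __name__ == "__main__":
    print(clone_indicators(ORIGINAL, CLONE))
```

An identical resend from the same sender with the same links returns no findings, so the check only fires when copied text arrives with a different sender or destination.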
Mornex will assist in preventing all these issues by providing information security and cybersecurity services.