Phishing Attacks Explained: Types and Techniques

However savvy and experienced you are as an internet user, you must be on your guard against scams. Unfortunately, the internet is full of them – and there are always people looking to exploit the unsuspecting in order to con them out of money or sensitive personal information.

One of the most common types of online scams is what is known as ‘phishing’. This is a type of cyber attack where scammers trick individuals into divulging information such as usernames, passwords and credit card details. For its victims, phishing can be incredibly costly.

Both individual consumers and businesses can fall victim to phishing scams. As they come in numerous forms, it’s important to know what they look like so you can be vigilant against them. Here are some of the most common phishing scams to watch out for.

Email phishing

The most common kind of phishing attack is email phishing. This is where a fake email – often purporting to be from a legitimate, well-known company or organisation – is sent to the target of the scam in an effort to get them to give up their personal details.

Scammers often register fake web domains closely resembling those of real organisations and use urgent language to pressure the target into providing information (such as their passwords or payment details). Users may also be asked to click through to fake websites, again mimicking the website of a genuine company, to trick them into believing that the email is legitimate.
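The two warning signs described above, a sender domain that closely resembles a real one and urgent wording, can be checked automatically. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the character swaps, the distance threshold of 2 and the phrase list are all assumptions chosen for illustration.

```python
import re
import unicodedata

# Assumed allowlist of domains the organisation really deals with (constructed).
TRUSTED = ("example-bank.com", "hmrc.gov.uk", "paypal.com")
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # illustrative
URGENT = re.compile(
    r"\b(urgent|immediately|suspended|verify your account|within 24 hours)\b", re.I)

def skeleton(domain):
    """Fold a domain to a comparison form: lowercase, no accents, swaps undone."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the real domain or one of its subdomains
    for t in TRUSTED:
        if edit_distance(skeleton(domain), skeleton(t)) <= 2:  # assumed threshold
            return t
    return None

def assess(sender, body):
    """List the warning signs found in one message."""
    domain = sender.rsplit("@", 1)[-1]
    findings = []
    target = lookalike_of(domain)
    if target:
        findings.append(f"sender domain {domain} resembles {target}")
    hits = sorted({m.group(0).lower() for m in URGENT.finditer(body)})
    if hits:
        findings.append("urgent language: " + ", ".join(hits))
    return findings

# Constructed sample message (sender, body), not taken from a real campaign.
SAMPLE = ("security@examp1e-bank.com",
          "URGENT: your account has been suspended. Verify your account within 24 hours.")
```

Calling `assess(*SAMPLE)` reports both the lookalike sender domain and the pressure phrases; a short trusted domain needs a tighter threshold to avoid false matches.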

Spear phishing

Spear phishing is a more sophisticated type of email phishing. It involves sending emails to specific people, where the scammer already has personal information about their intended victim (such as their name, place of employment, job title, names of colleagues or other contacts).

Because the scammers are armed with this information, spear phishing attempts can be much more convincing at first glance. This makes it easier for fraudsters to manipulate their target into giving up further information or performing tasks like money transfers.

Whaling

Whaling attacks are also a targeted form of phishing, but are aimed specifically at senior executives of an organisation. Senior managers and executives generally have more information about them publicly available; this allows scammers to create quite convincing fake emails.

Also, whaling emails may see fraudsters pose as a senior figure within an organisation asking more junior members of staff to do something, such as transfer money. Junior employees may be more likely to comply, as they’re often hesitant to disobey instructions apparently given by their boss.
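A mail filter can flag the impersonation pattern described above by comparing the name shown in the From header with the address behind it. The following Python sketch is an added example, not part of the original article; the company domain, the executive names and the payment keywords are assumptions, and it goes slightly beyond the text by also checking for a Reply-To address on a different domain. It expects a single-part plain-text message.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.co.uk"             # assumed company domain (constructed)
EXECUTIVES = {"jane doe", "sam patel"}   # assumed names of senior staff (constructed)
PAYMENT_WORDS = ("transfer", "payment", "invoice", "bank details")  # assumed list

def domain_of(addr):
    """Domain part of an email address, lowercased; empty if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def whaling_signals(raw):
    """Return the impersonation warning signs found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    payload = msg.get_payload()
    body = payload.lower() if isinstance(payload, str) else ""
    signals = []
    # A boss's name shown on an address outside the company domain.
    if " ".join(name.lower().split()) in EXECUTIVES and domain_of(addr) != ORG_DOMAIN:
        signals.append("executive display name on external address")
    # Replies would go somewhere other than the apparent sender.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        signals.append("Reply-To domain differs from From domain")
    if any(word in body for word in PAYMENT_WORDS):
        signals.append("payment request")
    return signals

# Constructed sample message, not taken from a real incident.
SAMPLE = """From: "Jane Doe" <jane.doe.ceo@mailbox.example>
Reply-To: accounts@payments.example
To: junior@example.co.uk
Subject: Quick favour

I need you to make a transfer today. Keep this between us for now.
"""
```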

Vishing and smishing

With voice phishing (or ‘vishing’) and SMS phishing (‘smishing’), potential victims are targeted by fraudsters via their phone rather than email. Fraudsters will send text messages or make phone calls falsely purporting to be a representative of a trusted organisation such as a bank, credit card company, phone provider or a tax collecting body like HM Revenue and Customs.

A vishing call might, for example, see a scammer pretend to be calling from a bank to tell the victim that their account has been compromised and ask them to provide account details or to transfer money to the scammer’s own account.

Smishing scams come in the form of text messages sent to a target’s phone. They commonly claim to be alerting victims to suspicious activity with their bank account and then direct them to a fake website, created by the attacker, where they are then asked to enter their details.

Man-in-the-middle attacks

Man-in-the-middle or MITM attacks are a more recent form of phishing. Here, an attacker inserts themselves between two parties who think they’re directly communicating with one another, intercepting messages between them and possibly altering them or adding new ones.

MITM attacks have successfully been used to steal sensitive information from businesses, including by compromising their email accounts. Many phishing detection systems fail to spot MITM attacks, which are also capable of evading two-factor authentication.

Angler phishing

Another relatively recent kind of phishing attack is what’s known as ‘angler phishing’. These attacks see fraudsters use social media to trick their intended victims; as people tend to share a lot of information about themselves on social networks, fraudsters can use this to conduct highly convincing attacks.

So, for example, scammers may create social media accounts purporting to represent a genuine company or organisation and trick people into providing personal information. These accounts often con people into making complaints or asking for help; the scammers can then direct victims to provide sensitive details, which can then be used to defraud them.

Conclusion

You can take steps to safeguard yourself against phishing attacks. Spam filters will catch a lot of phishing attempts, but they aren’t foolproof by any means – so you need to ensure that you remain vigilant and, if you’re an employer, that your staff are properly trained to spot scams. Your choice of IT supplier is also vital to ensuring your security as an organisation. The Solsoft team can get to know your business in detail and help it make full use of the latest IT tools. Get in touch with us today to arrange a call at your convenience and find out more.