Phishing attacks can be hard to notice. Be careful when a suspicious sender wants you to open any URLs or download a file. Let’s explain a little bit more.
What does a phishing attack mean?
A phishing attack is a type of cyber attack. The attackers try to make the victim take one of the following actions:
- Enter data. A fake site, visually similar to a popular one, asks you to fill in your information, such as emails, passwords, usernames, and bank information.
- Download a file. The file contains a virus that infects your device. The attackers could then make you pay a ransom to return control of your device.
They send a message that looks ordinary, so it is hard to tell apart from any other. Usually, it is professionally written and offers something that the victim wants. Another way is to make the message sound urgent, such as a demand to change the password within X amount of time.
Cybercriminals have been using this method for a long time. The term “phish” plays on the word “fish” and the way we lure a fish with bait.
The largest number of phishing attacks is sent via email. Using a fake domain that resembles a real company's, the attackers send thousands of requests. The fake domain usually contains a letter substitution, for example, placing “n” and “r” next to each other to make “rn” rather than “m.” Another way is to use the company’s name as part of the email address.
The main rule for spotting a phishing email is to always check the email address of any message that wants you to download a file or click a link.
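One way to automate the address check described above, as an added example that is not part of the original article. The trusted domain list, the function names and the sample headers are constructed assumptions, and the look-alike table goes beyond the “rn”/“m” case from the text.

```python
from email.utils import parseaddr

# Assumption: domains your organisation really sends mail from (constructed value).
TRUSTED_DOMAINS = {"example.com"}

# Character sequences that visually imitate another letter. "rn" -> "m" is the
# case from the text; the other entries are added generalisations.
LOOKALIKES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}


def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    for fake, real in LOOKALIKES.items():
        domain = domain.replace(fake, real)
    return domain


def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return trusted, lookalike-domain, brand-in-address, unknown or invalid."""
    _, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    if not local or not domain:
        return "invalid"
    # Exact match or a genuine subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Same appearance after normalisation, but a different domain.
    if any(skeleton(domain) == skeleton(t) for t in trusted):
        return "lookalike-domain"
    # The company's name used as part of the address on an unrelated domain.
    brands = {t.split(".")[0] for t in trusted}
    if any(b in local or b in domain for b in brands):
        return "brand-in-address"
    return "unknown"


# Constructed sample From headers.
SAMPLES = [
    "billing@example.com",
    "Example Support <billing@exarnple.com>",
    "example-security@mail-service.net",
    "alice@example.com.login-check.net",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):18} {header}")
```

A "trusted" result only means the domain string matches; the From header itself can be forged, so this check complements SPF, DKIM and DMARC validation rather than replacing it.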
Spear phishing involves email too. The difference is that spear phishing emails are sent to a specific person. For this attack, the attackers already have some or all of the information about the victim, such as:
- Job title
- Place of employment
- Email address
- Detailed information about their job role
Whaling attacks are even more targeted, aiming at senior managers.
The end goal of this attack is the same, but the technique is a lot more complex.
A common variety of whaling is a scam involving false tax returns. Malicious URLs and fake links are not useful in this case.
Attackers value tax forms highly because they contain useful information: names, addresses, and bank account information.
Smishing and vishing
With both vishing and smishing, telephones replace emails as the means of communication. Smishing involves attackers sending text messages. The content is similar to email phishing. Vishing, on the other hand, involves a telephone conversation.
An example of a vishing scam is when the criminal poses as a bank fraud investigator. The attacker tells the victim that their account has been breached and asks them to verify their identity or provide payment card information.
Angler phishing is a relatively new attack. Social media gives attackers a lot of ways to trick people, for example, fake URLs, cloned websites, tweets, and posts. Instant messaging also allows essentially the same approach as smishing. These vectors can be used to convince people to download malware or reveal personal information.
Furthermore, cybercriminals can use information already posted on social media to make a highly targeted attack.