Over the years, data breaches have been occurring regularly, with cases reported almost daily. Nowadays, many data protection tools and data protection courses have been created to help protect organisations from data breaches and cyberattacks. One of the most common types of cybercrime is phishing.
In phishing, criminals pose as a reliable source online. These criminals will lure victims into providing their personal information such as passwords, usernames, and credit card numbers, among others. Understandably, a phishing attack can take different forms. However, it often happens through email.
Phishing continues to become more sophisticated and has been observed to happen more often nowadays. While the primary goal of phishing scams is to steal personal information, phishing comes in various kinds. Below are some forms of phishing attacks you need to be aware of:
This is one of the most prevalent forms of phishing. The method involves a “spray and pray” technique in which hackers impersonate a legitimate organisation or identity and send the same email to as many addresses as possible. The emails are typically written with a sense of urgency.
Most emails will inform the recipient that their account has been compromised and they need to respond and act quickly. The objective is to elicit a specific action from the victim such as clicking a link that will take them to a fake login page. Once they enter their credentials, they will be giving the scammers their personal information.
Instead of using the “spray and pray” method, spear phishing involves sending a malicious email to certain individuals within an organisation. The employees and the companies will be specifically chosen. The emails sent will also be personalised to make the recipients believe they have a relationship with the sender and can trust them.
Whaling is similar in some ways to spear phishing. However, rather than sending emails to specific employees within a company or organisation, scammers specifically target senior executives (or big fish, hence the term whaling). This includes CFOs, CEOs, and other high-level executives who have access to sensitive data.
Often, the emails sent utilise a high-pressure situation to get their victims hooked. For instance, they will inform the recipients that their company is being sued. This entices the targets to click malicious attachments or links to find more information.
SMS phishing or smishing uses text messages and not emails to carry out a phishing attack. This type of phishing attack is done the same way as an email-based attack. Attackers will send texts from seemingly legitimate sources, such as trusted businesses, that contain malicious links.
Typically, links sent are disguised as a chance to win something like concert tickets or a coupon code for a discount on your next order.
Also known as voice phishing, vishing is similar in a way to smishing. However, with vishing, attackers will be using a phone as a vehicle for their attack. In other words, rather than using emails or text messages to exploit victims, they will be using phone calls.
Vishing calls will relay automated voice messages from seemingly legitimate institutions such as government entities or banks. Attackers can claim that your credit card has suspicious activity, that your auto insurance has expired, or that you owe a huge amount of money, and you will be asked to act on the matter immediately.
From there, victims will be asked to provide personal information like their social security numbers or their credit card credentials to have their identities verified before action can be taken.