The Different Types of Phishing
Depending on how authentic the phishing attack looks, regular phishing emails have a lower success rate than the likes of spear-phishing and vishing. Criminals know this and send thousands of these emails around the world daily to increase their chances of tricking you. Phishing emails tend to purport to come from large organisations like Apple, Amazon, Facebook and other businesses that millions of people use. Criminals who use this technique mainly focus on stealing personal information by tricking victims into entering names, addresses, credentials and bank information on fake websites.
This technique has a higher success rate but takes a bit of time and research for the criminal to get what they want. Spear-phishing is where a criminal targets an individual person or business by creating a fake email that relates to the target. Using social engineering and research, they will pretend to be someone the individual knows, like a manager, business partner or friend, and make the email relevant. The end goal of spear-phishing varies. Criminals have the opportunity to ask their victims to do almost anything if they get it right. They could ask you to open a fake invoice which is riddled with malware, ask for your login details to “perform updates” or authorise a payment to a “client’s” bank account.
Smishing works in a very similar way to phishing but targets your mobile phone through SMS messages. The concept is the same: the message poses as legitimate and often contains a link to a malicious website designed to trick you into entering your personal information. You may also be tricked into downloading an app which, despite looking legitimate, is infected and sends personal data to the cyberattacker. Smishing doesn’t have to be done through SMS (although that is where it is most common); it may also happen on similar online messaging services, such as WhatsApp. With business use of mobile phones and SMS messaging rising, so is the prevalence of smishing scams.
Whaling attacks are targeted and well thought out. They are aimed at executives and high-profile users that have access to large amounts of business finances or critical data. Diverse, targeted social engineering techniques are used, essentially meaning the attacker will use whatever method they believe will get the data handed over to them. This may include using personal details they found on social media, spoofing email addresses so they look genuine and crafting emails with a sense of urgency. Consequences can include business funds being lost to the cyberattacker, malware installed on the business network or confidential business data being leaked.
Service providers will often send you many emails, which can be irritating, but this presents cyberattackers with an opportunity. Clone phishing emails are direct copies of legitimate email messages sent from a trusted organisation. The difference is that any attached links or files are likely to be malicious or infected. Clone phishing emails will often come from an official email address that has been spoofed, making them harder to identify. Depending on the company cloned, these emails can do serious damage with the ability to deceive you into handing over your identity.