There are a number of different types of phishing attacks, and cyber criminals are devising increasingly sophisticated ways of catching us out. Here we look at a few definitions so that you know what to look out for and can spot the next phish that might be sent your way.
A phishing email mimics a genuine email account or organisation. The aim is to trick the person receiving the email into clicking on a link where the recipient enters their username, password, and other personal details, such as credit card information. These are usually mass emails, sent to a large number of people. They take on the guise of an organisation that would be familiar to the recipient, often with an urgent request which scares them into clicking on the link.
Angler phishing is the term used to describe phishing on social media (LinkedIn, Facebook, Twitter, WhatsApp and Instagram, for example), using fake system and notification messages or fake accounts sending connection requests.
Attackers use a replica of a legitimate email message, sending it from an email address that also resembles the original sender’s address. The body of the email will look the same as the previous message, but the attachment or link has been swapped for a malicious one.
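A defender can check for the replica-message pattern described above by comparing a new message against a known legitimate one. The following Python sketch is an added example, not part of the original page; the function name `replica_indicators`, the similarity thresholds and the sample messages (reserved `.test` domains) are assumptions, and it covers links and sender addresses only, not attachments.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Constructed sample messages (reserved .test domains), not real traffic.
ORIGINAL = (
    "From: Accounts <billing@vendor.test>\n"
    "Subject: Invoice 1042\n\n"
    "Hi,\nYour invoice is ready: https://portal.vendor.test/invoices/1042\n"
    "Thanks,\nAccounts\n"
)
REPLICA = ORIGINAL.replace("vendor.test", "vend0r.test")
UNRELATED = "From: Sam <sam@vendor.test>\nSubject: Lunch\n\nAre you free on Friday?\n"


def _similar(a, b):
    return SequenceMatcher(None, a, b, autojunk=False).ratio()


def _parts(raw):
    """Return (sender address, body with URLs masked, set of link hosts)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = msg.get_payload()  # assumption: single-part text/plain message
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    return sender, URL_RE.sub("<url>", body), hosts


def replica_indicators(original_raw, candidate_raw, body_threshold=0.9):
    """Flag a candidate that reuses a known message's body but changes
    the sender address or the hosts its links point to."""
    o_sender, o_text, o_hosts = _parts(original_raw)
    c_sender, c_text, c_hosts = _parts(candidate_raw)
    if _similar(o_text, c_text) < body_threshold:
        return []  # different body: not a replica of this message
    findings = []
    if c_sender != o_sender:
        close = _similar(o_sender, c_sender) >= 0.8
        findings.append("sender-lookalike" if close else "sender-changed")
    if c_hosts - o_hosts:
        findings.append("link-host-swapped")
    return findings


if __name__ == "__main__":
    print(replica_indicators(ORIGINAL, REPLICA))
```

URLs are masked before the bodies are compared, so a message whose only change is the link target still counts as the same body.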
Smishing refers to conducting phishing via SMS. It usually involves tricking a user into clicking on a malicious link, redirecting them to a website where personal information is captured. Alternatively, the link might trigger the download of a malicious phone app, which may then deploy ransomware or remotely control the user’s device.
Spear phishing is a phishing email directed at specific individuals or companies that the cyber criminal has sought out for attack. The email might look like it comes from a person that the recipient knows or does business with.
Vishing is “phishing by phone”, where the cyber criminal sets up a call that mimics another company to steal sensitive data or access funds. The perpetrator may disguise their phone number to make the call look legitimate, lulling the recipient of the call into a false sense of security.
Whaling is targeted at high-level personnel within an organisation, such as senior executives, who are more likely to have valuable information or financial influence. The goal of whaling is to steal data and money. Attackers gather information about the victim before crafting a specific message to gain the executive’s attention, which could be in the form of a customer complaint or a boardroom issue, for example.