What are the most common forms of phishing? An overview
Republished with the permission of the Canadian Centre for Cyber Security
Phishing refers to any message that has been deliberately faked to make it look like it’s from an authentic sender. Phishing is one of the most common types of cyber attack because it can take so many different forms, such as emails, phone calls, and text messages.
And the best way to protect yourself? Arming yourself with the right information.
If you’d like to stay safe from phishing scams, it helps to know the tactics that a cyber criminal can use against you.
Here’s a quick overview of the most common types of phishing campaigns that cyber criminals use to steal your information.
Smishing refers to any phishing message sent through SMS (also known as a text message).
Like other phishing messages, smishing involves a cyber criminal pretending to be someone they’re not to extract information from you. Usually, cyber criminals send messages that include a link that they’re trying to get you to click on.
The best way to protect yourself from smishing attacks is to be cautious about any messages you receive from phone numbers you don’t recognize.
If you’re still unsure, try to verify the information through other means. For example, if you receive a message from a sender who claims to be your bank, call your bank, using the contact information posted on the bank’s official website, to verify whether the request is legitimate.
Cyber criminals often rely on mass numbers to get results. They send as many messages as possible, to as many people as possible, in the hopes that someone responds. It only takes one response for a phishing campaign to be a success.
Spear phishing takes a slightly different approach. Rather than sending out mass messages, a cyber criminal sends tailored messages to one person or a small group of people, making it a much more targeted approach.
Spear phishing messages are tailored based on the potential victim’s line of work, interests, or personal characteristics. Cyber criminals conduct research about their victims and then use this information to make their messages seem more authentic or believable.
The messages are sent from what appears to be a credible source and reflect a subject that is relevant to the potential victim, making it even more difficult to discern what is – and what isn’t – a legitimate message.
Whaling attacks are aimed at senior executives or high-profile victims.
Cyber criminals target victims who have the authority to issue large payments from a company, organization, or government body.
The fake messages are designed to trick the victims into thinking that they must make a legitimate payment to another organization. Instead, the money is directed to the cyber criminal.
Whaling messages can be very sophisticated, and if successful, the attack can yield hundreds of thousands, or even millions, of dollars. This potentially large payout is an incentive for cyber criminals to carefully craft messages that look real.
But it looks real…
Many phishing attempts are simply about the exchange of information. Cyber criminals want you to reply with the information they are seeking, such as a social insurance number or an account number.
In other cases, cyber criminals send links to websites that look legitimate but, in fact, are close replicas designed to trick you into surrendering personal information.
This tactic of sending victims to fake websites is called spoofing. Spoofing is a tool frequently used with other tactics to encourage you to reveal personal information.
The best way to protect yourself against spoofing is to check the URL of a website you are visiting. If it doesn’t match the organization the site claims to be, it is likely being spoofed.
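The URL check described above can be written out in code. This is an added example, not part of the original article: the function names are hypothetical, `mybank.example` stands in for an official domain you have obtained from a trusted source, and the sample links are constructed from reserved example/test names.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Return the host a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None
        # Convert internationalised names to ASCII (punycode) so that
        # look-alike letters from other alphabets become visible.
        return parts.hostname.rstrip(".").encode("idna").decode("ascii").lower()
    except ValueError:  # malformed URL or invalid host label
        return None

def matches_organization(url, official_domain):
    """True only if the host is the official domain or a subdomain of it."""
    host = host_of(url)
    official = official_domain.lower().rstrip(".")
    return host is not None and (host == official or host.endswith("." + official))

# Constructed sample links (reserved example/test names, not real sites).
OFFICIAL = "mybank.example"
SAMPLES = [
    "https://www.mybank.example/login",             # genuine subdomain
    "https://mybank.example.account-check.test/",   # official name used as a prefix
    "https://mybank.example@account-check.test/",   # official name before an "@"
    "https://mybank-example.test/login",            # similar-looking name
    "https://m\u0443bank.example/login",            # Cyrillic letter in place of "y"
]

def check_samples():
    """Return (actual host, matches official domain) for each sample link."""
    return [(host_of(u), matches_organization(u, OFFICIAL)) for u in SAMPLES]

if __name__ == "__main__":
    for host, ok in check_samples():
        print(f"{'match' if ok else 'MISMATCH':9} {host}")
```

The part of the address that matters is the end of the host name, just before the first single slash; the organization's name appearing anywhere else in the link does not make it genuine.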
It can be difficult to protect yourself against phishing attacks. But arming yourself with the right information and knowing what to look for goes a long way towards staying cyber secure.