What is Phishing?

Close to 91% of all cyber attacks start with a phishing email.

Gone are the days when a phishing email was only a dodgy email from scammers claiming to be a Nigerian Prince offering you mountains of cash.

Today’s cybercriminals use sophisticated Social Engineering techniques to launch highly targeted attacks that trick users into clicking malicious links or opening attachments infected with malware such as Ransomware.

What is Phishing?

Phishing scams are a delivery mechanism cybercriminals use to coerce you into acting to their advantage. Such actions can range from clicking on a link to filling in a form with your username and password.

Phishing emails typically include a URL link or an attachment. Once you click on it, your browser is redirected to an unsafe website that either steals sensitive information from your browser session or infects your device with malware. The latter is also known as a drive-by download. Cybercriminals then use your stolen data to commit identity fraud, sell it to other hackers, or threaten you with it by demanding a ransom.


Most popular types of Phishing Attacks

Business Email Compromise (BEC) or CEO Fraud Scam

BEC phishing attacks are when cybercriminals pose as someone of authority within the company and use this fake persona to phish lower-level employees. Cybercriminals typically attempt to impersonate an organization’s CEO or any executive authorized to approve wire transfers. They also do their homework by closely monitoring their potential victims and their organization’s internal structures.


Spear Phishing

Spear phishing attacks are similar to BEC phishing attacks in that they target a specific audience. Unlike generic phishing emails that go out to thousands of people in wide-scale email phishing campaigns, spear-phishing attacks home in on key individuals within an organization. Cybercriminals use social engineering tactics to personalize phishing emails so that victims are caught off guard by instructions to reveal information or perform specific actions.

Whaling

Instead of targeting employees on the lower end of the organizational chain, Whaling is when cybercriminals target C-level executives. This type of attack is usually deliberate and well-planned. The aim is to trick C-suite executives into revealing sensitive corporate data, which the attackers then threaten to release if a ransom is not paid.


Smishing (SMS Phishing) and Vishing (Voice Phishing)

Smishing and Vishing are phishing attacks that also use Social Engineering techniques to lure victims, but through a channel other than email. Smishing (SMS Phishing) and Vishing (Voice Phishing) reach victims via mobile phones. Attackers usually bait their targets by posing as banks and online retailers.

Angler Phishing or Social Media Scam

Angler Phishing attacks, also known as Social Media Scams, often look like harmless social media posts. This has become a typical phishing scam in which attackers take on the identity of a company’s social media accounts and claim to be its official customer service channel. Most of the time, attackers create accounts on Facebook, Twitter, and Instagram with a handle similar to the official one. In Angler Phishing, victims are usually offered a link that supposedly takes them directly to a member of the support team. Instead, victims are redirected to malicious websites where the fraud takes place.


Top Phishing Techniques

Social Engineering

Social engineering is the technique of manipulating people so that they perform malicious actions or divulge confidential information. It exploits human psychology rather than technical hacking techniques to gain access to a victim's personal and professional data.

Ransomware

Ransomware is one of the most popular types of malware. After infecting a victim's computer, this type of malicious software blocks access to the system or its data and only restores access upon payment of a ransom.

Link Manipulation

Link Manipulation is a deceptive technique in which the visible link text in a malicious email is written to look like a legitimate website URL. Using this technique, attackers display a web address visually identical to a legitimate one while the actual link sends victims to a fake, malicious website instead.

Domain Spoofing

CEO Fraud and BEC attacks are examples of how the domain spoofing technique can be used. Domain spoofing in phishing emails tricks victims into opening, or replying to, a solicitation that impersonates a legitimate corporate email address.
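The three indicators described above (executive impersonation in BEC, link text that does not match the real link target, and a sender domain that merely resembles the corporate one) can all be checked mechanically on an incoming message. The following is an added example, not code from the original article or from any vendor it mentions; it parses a constructed sample email with Python's standard library and returns a list of findings. The trusted domain `example.com`, the executive name `Jane Doe`, and the lookalike thresholds are assumptions chosen for the demonstration.

```python
"""Defender-side heuristics for a raw email: link manipulation,
lookalike sender domains, and BEC-style executive impersonation."""
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example.com"   # assumption: the organization's real domain
EXECUTIVES = {"jane doe"}        # assumption: display names worth protecting


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain, trusted=TRUSTED_DOMAIN):
    """True if `domain` is not the trusted domain (or a subdomain of it)
    but is close enough to it to fool a reader at a glance."""
    if domain == trusted or domain.endswith("." + trusted):
        return False
    base, trusted_base = domain.split(".")[0], trusted.split(".")[0]
    if base.startswith("xn--"):   # punycode label: IDN homoglyph domain
        return True
    return _edit_distance(domain, trusted) <= 2 or trusted_base in base


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw):
    """Return a list of (indicator, detail) findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = email.utils.parseaddr(str(msg.get("From", "")))
    from_domain = _domain(addr)
    if lookalike(from_domain):
        findings.append(("lookalike-sender-domain", from_domain))
    if name.lower() in EXECUTIVES and from_domain != TRUSTED_DOMAIN:
        findings.append(("executive-impersonation", addr))
    reply_to = email.utils.parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(("reply-to-mismatch", reply_to))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = _Anchors()
        parser.feed(body.get_content())
        for href, text in parser.links:
            # Link manipulation: visible text is a URL whose host differs from the real target.
            shown = _host(text if "://" in text else "http://" + text) if "." in text else ""
            if shown and shown != _host(href):
                findings.append(("link-text-mismatch", f"{text} -> {href}"))
            if lookalike(_host(href)):
                findings.append(("lookalike-link-host", _host(href)))
    return findings


# Constructed sample: a BEC-style wire-transfer lure from a lookalike domain.
SAMPLE = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: payments@mail-relay.invalid
To: bob@example.com
Subject: Urgent wire transfer
Content-Type: text/html; charset=utf-8

<html><body><p>Bob, please confirm the transfer on the portal:</p>
<a href="http://examp1e-login.invalid/portal">https://portal.example.com/login</a>
</body></html>
"""

if __name__ == "__main__":
    for indicator, detail in analyze(SAMPLE):
        print(f"{indicator}: {detail}")
```

Run against the sample, the analysis reports the sender domain `examp1e.com` as a lookalike, the display name as an executive impersonation, the Reply-To as pointing outside the sender's domain, and the anchor text as a mismatch with the real link target. In a mail gateway these findings would feed a quarantine or banner decision rather than a hard block, since each heuristic on its own can misfire on legitimate mail.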

How to Prevent Phishing Attacks

Educate Users

Allow employees to report suspicious emails

Use firewalls and email filters

Define and enforce strict password management policies

Add an extra verification layer by using two-factor authentication (2FA)

Defend your employees against phishing attacks