Close to 91% of all cyber attacks start with a phishing email.
Gone are the days when a phishing email was only a dodgy email from scammers claiming to be a Nigerian Prince offering you mountains of cash.
Today’s cybercriminals use sophisticated Social Engineering techniques to launch highly targeted attacks to trick users into clicking on malicious links or opening attachments infected with malware such as Ransomware.
What is Phishing?
Phishing scams are a delivery mechanism for cybercriminals to coerce you into acting to their advantage. Such actions can range from clicking on a link to filling in a form with your username and password.
Phishing emails typically include a URL link or attachment. Once you click on one, you are redirected to an unsafe website that steals sensitive information from your browser or infects your device with malware. The latter is also known as a drive-by download. Cybercriminals then use your stolen data to commit identity fraud, sell it to other hackers, or threaten you with it by asking for a ransom.
Most popular types of Phishing Attacks
Business Email Compromise (BEC) or CEO Fraud Scam
BEC phishing attacks are when cybercriminals pose as someone of authority within the company and use this fake persona to phish lower-level employees. Cybercriminals typically attempt to impersonate an organization’s CEO or any executive authorized to do wire transfers. They also do their homework by closely monitoring their potential victims and their organization’s internal structures.
Spear phishing attacks are similar to BEC phishing attacks in that they’re targeted at a specific audience. Unlike generic phishing emails that go out to thousands of people in wide-scale email phishing campaigns, spear phishing attacks home in on key individuals within an organization. Cybercriminals use social engineering tactics to personalize phishing emails to catch their victims off-guard with instructions to reveal information or perform specific actions.
Instead of targeting employees on the lower end of the organizational chain, Whaling is when cybercriminals target C-level executives. This type of attack is often deliberate and well-planned. The aim is to trick C-suite executives into revealing sensitive corporate data that they will then threaten to release if a ransom is not paid.
Smishing (SMS Phishing) and Vishing (Voice Phishing)
Smishing and Vishing are phishing attacks that also use Social Engineering techniques to lure victims, but through a channel other than email. Smishing (SMS Phishing) and Vishing (Voice Phishing) reach victims via mobile phones. Attackers usually bait their targets by using the names of banks and online retailers.
Angler Phishing or Social Media Scam
Angler Phishing attacks, also known as Social Media Scams, often seem like harmless social media posts. It has become a typical phishing scam that uses the identity of a company’s social media accounts, claiming to be its official customer service channel. Most of the time, attackers create social media accounts on Facebook, Twitter, and Instagram using a handle similar to the official ones. In Angler Phishing, victims are usually offered the option to click a link to be taken directly to one of the company’s team members. Instead, victims are redirected to malicious websites where the fraud takes place.
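Because Angler Phishing relies on handles that resemble the official ones, a brand-monitoring check can flag them. The following Python sketch is an added example, not part of the original article; the brand handles, the character substitutions, the service-word list and the distance threshold are all constructed assumptions.

```python
import unicodedata

# Constructed official handles for a hypothetical brand; replace with your own.
OFFICIAL_HANDLES = {"examplebank", "examplebank_help"}

# Digit swaps and separators often used to imitate a handle (assumed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "_": "", ".": "", "-": ""})

# Words often appended to a brand name by impersonating accounts (assumed list).
SERVICE_WORDS = ("support", "help", "care", "service", "team", "official")


def skeleton(handle: str) -> str:
    """Comparison form: accents folded, other non-ASCII dropped, lowercase,
    separators removed, look-alike digits mapped to letters."""
    folded = unicodedata.normalize("NFKD", handle).encode("ascii", "ignore").decode()
    return folded.lstrip("@").lower().translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_handle(handle: str, official=OFFICIAL_HANDLES, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a social media handle."""
    if handle.lstrip("@").lower() in official:
        return "official"
    candidate = skeleton(handle)
    stripped = candidate
    for word in SERVICE_WORDS:          # examplebank_support -> examplebank
        stripped = stripped.replace(word, "")
    for known in official:
        target = skeleton(known)
        if target in (candidate, stripped):
            return "lookalike"
        if edit_distance(candidate, target) <= max_distance:
            return "lookalike"
    return "unrelated"
```

For short brand names, lower `max_distance`, since a threshold of 2 will also match unrelated handles of similar length.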
Top Phishing Techniques
How to Prevent Phishing Attacks
Defend your employees against phishing attacks