Types of “Phishing Attacks”

Raj Upadhyay
Sep 17, 2020

What is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate source to tempt individuals into providing sensitive data such as personally identifiable information (PII), banking and credit card details, and passwords.

Types of Phishing Attacks

Spear Phishing

  1. Attackers target specific individuals instead of a wide group of people.
  2. Attackers research victims on social media, gathering information such as hobbies, job, family, interests, etc.
  3. After gaining knowledge about the victim, attackers craft a targeted attack using that knowledge.

This technique is often used as the FIRST step to penetrate a company's defenses.

Deceptive Phishing (Most common)

  1. In this attack, the attacker impersonates a legitimate company in an attempt to steal people’s personal data or login credentials.
  2. The attacker sends frequent emails to users; the emails contain threats and a sense of urgency to scare users into doing what the attacker wants.

Example: A fake email from a bank asking you to click a link and verify your account details.
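The signals described above (an impersonated company, urgent or threatening wording, a link to click) can be checked mechanically when triaging a reported email. The following Python sketch is an added example, not part of the original article; the brand list, domains, indicator names and sample message are assumptions constructed for illustration. It also goes one step beyond the text by comparing the URL a link displays with the URL it really points to.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumed (hypothetical) brand -> real sending domains; SAMPLE is a constructed message.
BRANDS = {"example bank": {"examplebank.test"}}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|verify your account)\b", re.I)
SAMPLE = '''From: "Example Bank Support" <alerts@examplebank-secure.test>
Subject: Urgent: your account will be suspended

<p>Click the link and verify your account details:
<a href="http://login.examplebank-secure.test/verify">https://examplebank.test/login</a></p>
'''

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def host_of(url):  # host of an http(s) URL, "" when the text is not a URL
    m = re.match(r"https?://(?:[^/@]*@)?([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""

def phishing_indicators(raw):
    """Return the deceptive-phishing indicators found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender, body, found = addr.rpartition("@")[2].lower(), msg.get_payload(), []
    for brand, domains in BRANDS.items():
        ok = any(sender == d or sender.endswith("." + d) for d in domains)
        if brand in name.lower() and not ok:
            found.append("display-name-brand-mismatch")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("urgency-language")
    collector = LinkCollector()
    collector.feed(body)
    found += ["link-text-href-mismatch" for href, text in collector.links
              if host_of(text) and host_of(text) != host_of(href)]
    return found
```

Calling `phishing_indicators(SAMPLE)` reports all three indicators for the constructed message; a message sent from a subdomain of the brand's real domain with matching link text reports none.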

Pharming Attack

  1. Like phishing, pharming sends users to a fake website that appears to be legitimate.
  2. But in this case, victims do not even have to click on a malicious link.
  3. Attackers infect the user’s computer or the website’s DNS server and redirect the user to a fake site even if the correct URL is typed in.

This method of phishing leverages cache poisoning against the domain name system (DNS), a naming system that the Internet uses to convert alphabetical website names, such as “www.microsoft.com,” to numerical IP addresses.

Whaling

  1. Attackers can target anyone in an organization, even top executives, like a CEO. High-level executives are able to access a great deal of company information.
  2. Whaling also makes it possible to usurp the identity of executives and to send emails to the members of the company to trap them.
  3. Whaling is similar to phishing in that it uses methods such as email and website spoofing to trick a target into performing specific actions, such as revealing sensitive data or transferring money.

Whaling is a term used to describe a phishing attack that is specifically aimed at wealthy, powerful, or prominent individuals.

Raj Upadhyay

Pursuing M. Tech. in Cyber Security and Incident Response. #LoveToPlayCTF #infosec #cybersecurity