Phishing attempts can come in all sorts of shapes and sizes. It can be attempted through email, phone, corporate messaging systems, social media etc. We’re going to breakdown the top types of phishing attacks and who is vulnerable to them.
- Phishing
- You’ve probably seen a general phishing attempt. Hackers will send a phishing email to a large group of people just hoping someone will bite. These can be spotted by looking closely at the email address. Is there an “rn” instead of an “m” making the email address look familiar to you? These are easy to spot if you look at the details and stay aware of popular phishing methods.
- Spear Phishing
- Spear phishing targets a smaller, more specific, group of people. This is when a hacker has more information about the person their phishing. They may already have some or all of these details making the email or request seem more legitimate:
- your name,
- where you work,
- your job title,
- email address
- Other personal or professional details
- Spear phishing targets a smaller, more specific, group of people. This is when a hacker has more information about the person their phishing. They may already have some or all of these details making the email or request seem more legitimate:
- Whaling
- Whaling attacks target specific people in an organization like senior executives or people that have elevated access to sensitive/valuable information.
- The goal of whaling is to get as much information about the victim as possible such as personal addresses and social security numbers. They can get this information through a fake tax form, for example.
- Whaling attempts can be difficult to spot and are very dangerous.
- Smishing and Vishing
- Smishing and Vishing attempts are not done through email, but through phone. Smishing it an attempt through a text message and vishing is attempted through a telephone conversation.
- The attempt usually involves the attacker posing as a representative of a bank or financial institution. They will attempt to get access to your accounts by asking for “verification” of a credit card number or account number.
- This same method can be used to gain access to user accounts by asking for “verification” of your username and password.
Anyone can fall victim to a phishing attempt but keeping everyone in your organization trained on phishing trends, and implementing a spam filter, will help keep your environment safe!
