Phishing scams are the most common type of fraud out there. Often the gateway to much larger cyber security threats such as ransomware, malware, and identity theft, phishing has grown so much that just about every cyber security organization recommends some type of phishing awareness training for staff. But did you know that there are 7 types of phishing scams out there? To increase your phishing/cyber awareness, you need to learn what those 7 types are so you can spot them before you are fooled.
- Spear Phishing/Whale Phishing
Spear phishing is likely the most common form of phishing email. This type of phishing campaign is usually targeted at a specific individual in order to acquire credentials, data or money. Cybercriminals will often use information found easily on social media, or in some cases information that has been leaked onto the dark web, to craft convincing messages that elicit the reaction they want. Whale phishing is similar to spear phishing; the big difference is the size of the prey. With whale phishing, the target is usually a big executive or maybe a high-ranking government official. One of the most famous spear/whale phishing campaigns occurred in 2017, when a U.K.-based hacker was able to convince an official in charge of U.S. cyber security that he was President Donald Trump’s son-in-law Jared Kushner, and the official disclosed his personal email address unprompted.
- Smishing/Vishing
Smishing is phishing done through SMS text messages. Just like an email, you will receive an unsolicited text message that is trying to compel you to click a link and give up valuable personal information. Vishing is done through voice calls/voice mail. If you are in Canada, you have received numerous messages purporting to be from Revenue Canada which say that your SIN number has been compromised and you will be going to jail if you don’t phone them back. That is an example of vishing.
- Business Email Compromise (BEC)
Business email compromise starts and ends with a phishing attack. First, cybercriminals use phishing to obtain a password for a corporate e-mail account. Then, they use that account to impersonate the real owner of the account to defraud others of money or sensitive data. According to Proofpoint, 65% of organizations faced BEC attacks in 2020.
- Angler Phishing
Angler phishing is also known as social media phishing, because this type of attack takes place on social media. Hackers will imitate notifications from social networks to lure their prey into providing them with information and credentials. Some examples of this type of scam include job ads to gather company data or locate new targets.
- Brand Impersonation
This is a growing concern for many businesses. A Security Boulevard article reports that 81% of all spear phishing attacks impersonate a trusted brand to gain the trust of the email recipient. The emails most typically seen come from other technology companies, service providers, distributors, vendors, transportation companies, and insurers. With the growth of online shopping, emails impersonating Amazon and FedEx, just to name a few, have certainly increased.
Have you seen these types of campaigns personally? Did this list shock you? Now that you know about the 5 types of phishing campaigns, you can work to ensure you and your staff don’t get fooled by these types of scenarios. Ongoing cyber awareness training is a must, as is having offsite and offline backups of your important data. If you need help setting up training or backups, or just want cyber security advice, contact Uzado today.