All the different types of phishing attacks
You could be at risk without knowing it. Guard yourself and your business by knowing these different phishing attacks and how to avoid them.
Phishing is one of the most common cyber threats faced by businesses today.
Being so common, it’s rather surprising to know that so many people are unaware of precisely what phishing is and means, plus all the different variations of phishing attacks that exist.
Even those who do know what phishing is are still caught out. According to a recent 2021 report, over 80% of organisations fell victim to phishing attacks last year.
This is why the team at Data Connect is helping raise awareness of some of the different types of phishing attacks with this helpful guide.
Listed below are just some of the most common types.
The impact of phishing attacks
Organisations must deal with many consequences after falling victim to a phishing attack.
As cyber-attacks are increasing each year, with far more complex approaches, members of an organisation must be aware of the risks and impacts of phishing attacks not only on their cyber security but on the company as a whole.
According to data from Tessian, the most common outcomes of a phishing attack include:
- Loss of data
- Credentials and/or accounts compromised
- Organisations infected with ransomware
- Malware infection
- Financial losses
Not only do phishing attacks create complicated scenarios for organisations to overcome, but they also put a company at risk of fines, disruption, loss of business, and income.
Plus, the cost to remediate the damages caused by an attack can often be extremely costly. Therefore, it’s important to understand phishing attacks and be aware of their different types.
Here are six of cyber criminals’ most common phishing techniques this year.
The most common and prolific style of phishing is email phishing. If you know only a little about phishing attacks, you will certainly encounter an email-borne attack.
The attack occurs when a malicious email is sent to individuals, often pretending to be an authentic organisation.
With the simple click of a link, cybercriminals can infect your device with malware or further manipulate you into giving away your personal information.
A recent cybersecurity report from Cisco found that at least one person clicked a phishing link in around 86% of organizations in 2021. Showing just how prevalent these attacks really are and the risk they pose.
Spear phishing is the term used to describe a type of phishing attack where the cybercriminal targets an individual rather than a generic mass user base.
Regarding the “success” rate, these attacks work due to legitimate content spoofing (imitating real emails).
The email can contain the recipient’s name and specific details, such as their role, phone number, and other details to make this as believable as possible.
It can also include trusted brands with which the attacker knows the individual engages. This is one of the most common reasons people fall victim to phishing scams yearly.
Whaling is a specific type of phishing attack used to target high-level individuals, most often CEOs and directors of organisations.
The culprit of the attack will trick the individual with fake emails to gain access to their credentials, install malware on their machines or coerce them into transferring money.
Directors are often targeted due to their authority within a business and the likelihood they will have access to more sensitive information.
An example of this is sending emails from them to others in the organisation to gain their trust and further access company data.
Smishing and vishing
These are two styles of phishing attacks using alternative forms of communication, moving away from emails.
Smishing refers to SMS phishing, sending a text message to lure victims.
Often, criminals spoof legitimate businesses and use social engineering techniques like demanding urgency to manipulate victims to engage.
According to Tessian, 56% of employees have received a scam text message, with 32% complying with the requests.
Often these texts will encourage a recipient to complete one of several steps, including:
- Opening a link to a fraudulent site
- Contacting a person
- Downloading an attachment or application
Statistics suggest this style of phishing attack is on the rise, with the number of smishing texts received almost tripling between 2019 and 2020.
You may have received a fraudulent text message in the wake of the COVID-19 pandemic, where criminals took advantage of the ongoing situation to target vulnerable people.
Vishing stands for “voice phishing” and is delivered over the phone to coerce victims into sharing sensitive information. Most people are already aware of this type of phishing.
This means that it had become more sophisticated and often isn’t the first stage in an attack (e.g. researching the victim or business first).
Social media phishing
Social media phishing is exactly as the name suggests, an attack executed via social media platforms. This includes popular platforms such as Facebook, Twitter, LinkedIn, and Instagram.
Usually, this will be used to gain control of a social media account, however, for businesses, this method can also allow malicious actors to gain data and credentials via individual employees’ profiles.
With the use of LinkedIn, it’s now even easier for criminals to find the information they need to carry out such attacks.
When it comes to protecting yourself and your organization from phishing attacks, some important steps to take include:
- Train your teams to recognize phishing emails with phishing simulations and training
- Help create a culture where employees feel welcomed to ask security questions and report suspicious activities or errors
- Limit the amount of damage that can be done by malware by restricting administrator access to only those that require it for their role
- Use multi-factor authentication (MFA) for all accounts
- OpenSea warns users of NFT phishing attempts after email leak
- Protecting your small business from phishing attacks
- Types of phishing attacks to protect against
- Anti phishing solutions – do you need one?