Home / News / Types of Phishing Attacks You Should Know About

Types of Phishing Attacks You Should Know About

61
fake spotify account alert email phishing scam url example

The FBI estimates that Americans will lose a whopping $12.5 billion to phishing schemes in 2023. You might think you can identify a scam email and not become a statistic; however, a malicious email is just one of many phishing attacks used by cybercriminals.




Email phishing

Originally, a phishing attack was only about trying to steal sensitive information or money via email. That’s because email was one of the first attack vectors criminals used to scam people online. It is still one of the most popular phishing schemes, with an estimated 3.4 billion emails sent daily, and is the most frequently reported crime to the FBI.

The vast majority of phishing emails used to be easy to identify. Bad grammar and odd choice of words were dead giveaways that the email was fake. That has changed since the advent of generative artificial intelligence like ChatGPT, which helps non-English speaking hackers quickly create emails that can fool anyone.


If you are wondering whether an email is real, please contact the alleged company directly, not by replying to the email. And whatever you do, if you’re not sure the email is authentic, don’t click on any links or download any attachments.

Smishing

Most people check a text within five minutes of receiving it because texts, unlike emails, are usually sent by friends, family and companies we trust.

Smishing is the same as email phishing, except that instead of receiving a fraudulent email, you receive an SMS. You probably received a message from Amazon notifying you that a package has arrived, even though you haven’t placed an order. Or maybe you received a text from a stranger who claims to have the wrong number but still insists on starting a conversation with you. Both are cases where the criminal is trying to get you to click on malware or trick you into giving him money.


Pig Butchering is an increasingly popular smishing attack where an attacker gains your trust before convincing you to invest in something (typically a fake crypto exchange) and eventually steals your investment.

Fishing phishing

“”>

social media app on smartphone screen with warning icon
Thaspol Sangsee/Shutterstock

We post a lot of information on social media for everyone to see. Fraudsters will use this information to create a highly personalized phishing attack.

An attacker combs your social media to learn about the products and services you use. They then impersonate a customer service representative from the company they discovered you are using. They will ask for sensitive information, send a malicious link or link to a fake website to steal your password or other details they can use to access your account.


Vishing

I recently received a call from a confident and cordial person who claimed to be from Wells Fargo and told me that a suspicious payment had been made to my card and that they needed to verify my identity. The first thing they asked for was my social security number.

This vishing attack had all the key ingredients that a social engineering attack needs to succeed. They said time was of the essence, scared me into almost giving them sensitive information, and pretended they had the authority to demand that information from me.

Fortunately, fraud blocking features and apps can limit malicious calls, but you should still be careful.


Spear Phishing

“”>

Fake Twitter verification email
A beeping computer

As previously mentioned, billions of phishing emails are sent every day. Most of them are the same emails sent out in bulk, pretending to come from a legitimate business, but not personalized.

Spear phishing is a much more personalized attack. Imagine that an email you received contained your name and sensitive information. Naturally, you would be much more willing to open it.

Spear phishing attacks are not used on the average person; rather, they are reserved for someone the hacker deems highly valuable. A hacker can invest time and money in gathering details about their target to create a highly personalized malicious email.

One variant of spear phishing is “whaling,” which is used for even higher-value targets such as C-suite executives and CEOs.


A watering hole

A watering attack works by compromising a legitimate website. Attackers can take over an entire website or find a vulnerability and inject HTML or JavaScript code that redirects users to a fake website. Because users trust the site, they are more likely to openly click on links and provide information such as credit card information, social security numbers, and login information.

Website spoofing

Have you ever tried to go to Amazon.com but mistakenly entered Amazonn.com? Despite the fact that you have arrived at a website that might look and feel exactly like Amazon, it is actually an impersonator website owned and operated by scammers. In a process known as typosquatting, criminals buy domain names similar to popular websites. They make these websites look similar, except they are completely designed to collect your sensitive information.


While phishing attacks are becoming increasingly difficult to detect, you can protect yourself by not clicking on links or providing sensitive information until you have verified beyond a reasonable doubt that the person you are corresponding with is from the company in question.

Comments