Phishing attacks have existed since the dawn of the internet. The first phishing attacks were carried out by cybercriminals in the mid-1990s when they used the America Online (AOL) service to steal passwords and credit card information. While modern attacks employ similar social engineering models, cybercriminals employ more sophisticated tactics. At its core, phishing is an attack methodology that employs social engineering techniques to persuade people to take action detrimental to their best interests. Organizations can better protect their users and data if they understand the ten types of phishing attacks and how to identify them.
1. Phishing via email
Email phishing, also known as “deception phishing,” is one of the most well-known attacks. Malicious actors send emails to users impersonating a well-known brand and then use social engineering tactics to create a false sense of urgency, leading them to click on a link or download an asset.
Traditionally, the links lead to malicious websites that steal credentials or install malicious code, referred to as malware, on a user’s device. The downloads, typically PDFs, contain malicious content that installs malware when the user opens the document.
How to Spot Email Phishing?
The majority of people are aware of some of the primary indicators of a phishing email. However, for a quick refresher, some traditional things to look for when attempting to mitigate risk are as follows:
- Look for Contact Information or Other Legitimate Information: Look up the contact details of the organization that supposedly sent the email, then check for misspellings or a sender email address on a suspicious domain.
- Malicious Versus Benign Code: Be on the lookout for anything, including embedded code, designed to slip past filters such as Exchange Online Protection (EOP), for example attachments or links whose names contain misspellings.
- Shortened Links: Avoid clicking on any shortened links because they are used to deceive Secure Email Gateways.
- Fake Brand Logo: Check the message for any logos that appear real, as they may contain malicious HTML attributes. Ignore emails with only an image and very little text because the image could be hiding malicious code.
2. HTTPS-based Phishing
Because it uses encryption, the hypertext transfer protocol secure (HTTPS) is frequently regarded as a “safe” link to click, and because HTTPS signals legitimacy, most legitimate organizations now use it instead of HTTP. Cybercriminals, however, now also use HTTPS in the links they include in phishing emails, so HTTPS alone does not prove that a link is legitimate.
How to Spot HTTPS Phishing?
While this is frequently used as part of an email phishing attack, it is a slightly more nuanced approach. Consider the following factors when determining whether a link is legitimate or not:
- Shortened link: Check that the link is still in its original, full-length form and shows every part of the URL. Hypertext links are “clickable” links embedded in text that can hide the true destination URL.
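The indicators listed for email phishing and HTTPS phishing above (a sender domain that does not match the brand, misspelled look-alike domains, shortened links that hide their destination, and the fact that HTTPS by itself proves nothing) can be checked mechanically. The following scanner is an added example written for this article and is not code from the original page; the brand domain, the shortener list and the sample message are all constructed assumptions, and the registrable-domain helper is a deliberately crude last-two-labels approximation.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: the brand this organization expects mail from (placeholder domain)
# and a handful of well-known URL shortener hosts.
EXPECTED_BRAND_DOMAIN = "examplebank.example"
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance; used to catch look-alike (misspelled) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude approximation of the registrable domain: the last two labels."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_sender(from_header, brand_domain=EXPECTED_BRAND_DOMAIN):
    """Flag a From: address whose domain is not, or merely resembles, the brand's."""
    findings = []
    _name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if registrable(domain) != brand_domain:
        findings.append(f"sender domain '{domain}' is not the expected '{brand_domain}'")
        if 0 < edit_distance(registrable(domain), brand_domain) <= 2:
            findings.append(f"sender domain '{domain}' looks like a misspelling of '{brand_domain}'")
    return findings


def check_link(url, brand_domain=EXPECTED_BRAND_DOMAIN):
    """Flag shortened links, plain-HTTP links, look-alike hosts, and HTTPS hosts off-brand."""
    findings = []
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host in SHORTENER_HOSTS:
        findings.append(f"shortened link hides its destination: {url}")
    if p.scheme == "http":
        findings.append(f"plain HTTP link: {url}")
    reg = registrable(host)
    if reg != brand_domain:
        d = edit_distance(reg, brand_domain)
        if 0 < d <= 2:
            findings.append(f"look-alike domain '{host}' (distance {d} from '{brand_domain}'): {url}")
        elif p.scheme == "https":
            # HTTPS is not evidence of legitimacy: the padlock says nothing about who owns the host.
            findings.append(f"HTTPS link but host '{host}' is not the brand's domain: {url}")
    return findings


def scan_email(raw_message, brand_domain=EXPECTED_BRAND_DOMAIN):
    """Run the sender and link checks over a single-part plain-text message."""
    msg = message_from_string(raw_message)
    findings = check_sender(msg.get("From", ""), brand_domain)
    body = msg.get_payload()  # single-part text message assumed
    for url in URL_RE.findall(body):
        findings.extend(check_link(url, brand_domain))
    return findings


# Constructed sample: a transposed brand domain in the sender and first link,
# plus a shortened plain-HTTP link.
SAMPLE_EMAIL = """\
From: "ExampleBank Security" <alerts@examplebnak.example>
To: user@victim.example
Subject: Urgent: verify your account within 24 hours

Your account has been limited. Restore access now:
https://examplebnak.example/login
Or use our quick link: http://bit.ly/3abcXYZ
"""

if __name__ == "__main__":
    for finding in scan_email(SAMPLE_EMAIL):
        print("FLAG:", finding)
```

Run as-is it flags five things in the sample: the sender domain mismatch and its look-alike spelling, the look-alike HTTPS link, and both the shortener and plain-HTTP properties of the second link. A real deployment would replace `registrable` with a public-suffix-list lookup and feed the shortener list from a maintained source.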
3. Spear Phishing
Spear-phishing also uses email, but in a more targeted manner. Cybercriminals begin by gathering information from published or publicly available sources, such as social media or a company’s website, using open-source intelligence (OSINT). They then target specific individuals within the organization, using real names, job functions, or work phone numbers to fool the recipient into thinking the email came from someone inside the organization. Because the recipient believes this is an internal request, the individual performs the action specified in the email.
How to Spot Spear Phishing?
- Unusual Request: Keep an eye out for internal requests from people in other departments or that appear out of the ordinary given the job function.
- Links to Shared Drives: Links to documents stored on shared drives such as G Suite, Office 365, and Dropbox should be treated with caution because they can redirect to a bogus, malicious website.
- Password-Protected Documents: Any documents requiring a user login ID and password could be an attempt to steal credentials.
4. Whaling/CEO Fraud
Whale phishing, also known as whaling or CEO fraud, is another type of corporate phishing that uses OSINT. Malicious actors research the name of the organization’s CEO or another senior leadership member using social media or the corporate website. They then use a similar email address to impersonate that person. For example, the email may request a money transfer or that the recipient review a document.
How to Spot CEO Fraud?
- Unusual request: If a senior leadership member has never contacted you before, proceed with caution.
- Recipient address: Because many people use email applications that connect all of their email addresses, make sure that any request that appears normal was sent to a work email address rather than a personal one.
5. Voice Phishing
Voice phishing, also known as “vishing,” occurs when a cybercriminal calls a phone number and creates a false sense of urgency, causing a person to act against their best interests. These calls are typically made during times of stress. During tax season, for example, many people receive bogus phone calls from people claiming to be from the Internal Revenue Service (IRS), stating that they want to conduct an audit and require a Social Security number. Because the call generates a sense of panic and urgency, the recipient may be duped into disclosing personal information.
How to Spot Vishing?
- Caller ID: The number may be from an unusual location or may be blocked.
- Timing: The call’s timing coincides with a stressful season or event.
- Requested Action: The caller asks for personal information, which appears unusual for the type of caller.
6. Smishing
Malicious actors frequently employ similar tactics across a wide range of technologies. For example, smishing is the practice of sending text messages requesting that a person take a specific action. These are the next step in the evolution of vishing. Frequently, the text will contain a link that, when clicked, will install malware on the user’s device.
How to Spot Smishing?
- Change in Delivery Status: A text message requesting that the recipient take action to change a delivery will include a link, so verify the status through your original order email or the delivery service’s own website instead.
- Unusual Area Code: Before responding to a text or taking a suggested action, check the area code and compare it to your contacts list.
7. Angler Phishing
Social media has emerged as a new hotspot for phishing attacks as malicious actors shift between attack vectors. Angler phishing, like vishing and smishing, occurs when a cybercriminal uses a social media application’s notifications or direct messaging features to entice someone to take action.
How to Spot Angler Phishing?
1. Notifications: Be wary of notifications indicating that you have been added to a post because they may contain links that take recipients to malicious websites.
2. Exceptional direct messages: Be wary of direct messages from people who rarely use the feature, as the account may have been spoofed or fraudulently recreated.
3. Website links: Never click a link in a direct message, no matter how legitimate it appears, unless the sender regularly shares interesting links in this manner.
8. Pharming
Pharming is more technical and, in many cases, more difficult to detect. The malicious actors take over a Domain Name System (DNS) server, the server that translates human-readable domain names into IP addresses. When a user types in the website address, the compromised DNS server answers with the IP address of a malicious website that may appear to be legitimate.
How to Spot Pharming?
- Unsafe website: Look for a website that is HTTP rather than HTTPS.
- Inconsistencies on the website: Be wary of any inconsistencies that indicate a bogus website, such as mismatched colors, misspellings, or unusual fonts.
9. Clone Phishing
Another type of targeted email phishing attack is clone phishing, which uses services that someone has previously used to trigger the harmful action. Malicious actors know which business applications require people to click links as part of their daily activities. They will frequently research which services an organization uses regularly, then send targeted emails that appear to be from those services. Many organizations, for example, use DocuSign to send and receive electronic contracts, so malicious actors may create bogus emails impersonating this service.
How to Spot Clone Phishing?
- Unusual timing: Be wary of any unexpected email from a service provider, even if it is part of your normal day-to-day job function.
- Personal details: Keep an eye out for emails that ask for personal information that the service provider never asks for.
10. Evil Twin Phishing
An evil twin phishing attack employs a bogus Wi-Fi hotspot, often disguised as a legitimate one, to intercept data in transit. If someone connects to the bogus hotspot, malicious actors can conduct man-in-the-middle or eavesdropping attacks. This enables them to collect data such as login credentials or other sensitive information sent across the connection.
How to Spot an Evil Twin Phishing Attack?
- Unsecure: Even if a hotspot appears familiar, be wary of any hotspot that prompts a device’s “unsecure” warning.
- Login is required: Any hotspot that does not normally require a login credential but suddenly requests one is suspicious.
Although phishing begins with social engineering techniques, some newer methodologies can be difficult to detect. Layered defenses, technical controls alongside user awareness, can stop malicious actors before they successfully infiltrate systems, networks, and software, thereby reducing phishing risk.