What are the different types of phishing attacks and how does it work?

What is Phishing?

Phishing, which sounds similar to fishing, is a type of cyber security attack. In this, the hacker sends messages pretending to be a trusted person or entity and then they launch their attack to steal the data or valuable information. A phishing message is sent out to manipulate the victim in a way that will convince them to install a malicious file in their system. After they click the file, they are asked to input the sensitive information which in turn is leaked. It is mostly used as social engineering which is an upcoming common threat and is used in all security attacks.  

How does phishing work?

Phishing is mainly caused and done by messages, sent mail, social media, etc. A phisher mainly uses public resources like social media platforms and websites to collect the personal information and work information of the victim. The hacker can use this information to create a very convincing fake message. The email received by the victim appears to come from a known person or organization. These attacks then can be carried out by using malicious attachments or links to malicious websites. When the victim opens these links the attacker tries to get his personal information like usernames, passwords, or payment information.

Types of phishing attacks

1. Email Phishing- Most phishing attacks are sent via email. The attacker registers fake or relatable domain names that are similar to real organizations and send thousands of common requests to victims. Many phishing emails use a sense of urgency to a user to comply quickly without checking the source or authenticity of the email.

• Spear Phishing- Spear phishing includes malicious emails sent to specific people. The phisher already has some of the following information about the victim:
• Name
• Where he works
• Job Title
• Email Address
• Trusted persons

• Whaling- Whaling attacks target senior management and other highly privileged roles. Employers holding high positions commonly have a lot of information in the public domain and hackers can use this information to craft highly effective attacks.

• Smishing and Vishing- In this phishing attack the phisher use a phone instead of written communication. Smishing involves sending fraudulent SMS messages whereas vishing involves phone conversations.

• Angler Phishing- In this type of attack, the phisher uses one or more fake social media accounts belonging to well-known organizations. The hacker uses an account that is the copy original social media account and uses the same profile picture as the real company account.

Prevention of Phishing

1. Install firewalls.
2. Rotate passwords regularly.
3. Get free anti-phishing add-ons.
4. Don’t click on any link.
5. Don’t give your information to unsecure websites.
6. Deploy a SPAM filter that detects a virus, blank senders, etc.
7. Keep all systems current with the latest security patches and updates.
8. Deploy a web filter to prevent malicious websites.
9. Encrypt all sensitive company information.
10.  Never share your credentials.

If you are planning to have effective and immediate action against these phishing attacks to protect your personal and organizational information, you can reach out to us. We offer planning, deployment, implementation, and documentation. You can contact us at +919773973971.

Author
Shivam Rana
Associate Consultant