Phishing has been present on the internet for a long time. It’s one of those boogeymen of the internet you were always warned about. “Be careful of e-mails from unknown senders because it might be a phishing scam.” “Don’t click any links from unknown senders.” These warnings go on to shape the general cautious internet user.
You don’t really pay them much attention until you or someone you know actually faces the consequences. It’s frightening to know that the moment you let your guard down, someone will steal your personal information and leave you vulnerable to blackmail, doxxing, and more.
These social engineering attacks can target anyone and everyone using anything from fake emails to fake mobile apps—whatever the attacker desires.
There are many types of phishing out there, and they are constantly evolving. It’s wise to familiarise the styles as well as how phishing actors operate. This way, you know it’s phishing if you ever encounter one. To get you started, below are the most common ones.
Here, now, is the OG of phishing schemes—email phishing. It has been around since the 1990s and is the most common type of phishing.
How it usually goes:
You receive an email informing you that your account is compromised. To remedy this issue, the e-mail demands immediate action from you, urging you to click on a provided link.
The good thing is these attacks are usually easy to spot because the email is riddled with bad grammar. Another way to check if the email is legitimate or a phishing scheme is to check the email source and the link you’re being directed to for suspicious language.
Spear Phishing and Whaling
Just like fishing with a spear allows you to target a specific fish, spear-phishing also targets a particular group or type of individuals like a company’s system administrator or head of security. An even more targeted type of phishing is whaling, where the attacker goes after a whale—usually a CEO, CFO, or any executive within a specific industry or business. The attacker then terrorises them with brand abuse.
How it usually goes:
It may be an urgent email stating the company is facing legal or monetary concerns. It prompts the executive to click on the link provided, taking them to a page where they are asked to enter confidential company data like bank account numbers and tax IDs.
Smishing and Vishing
The names sound cute, right? They seem like a new social media craze or TikTok trend. But there’s nothing cute about smishing and vishing at all. Smishing utilises text messaging or SMS to deliver a message to a cell phone containing a clickable link or a return phone number. Vishing is a phishing attack using a voice call.
How smishing usually goes:
You receive a text message that looks like it came from your bank, informing you that your account has been compromised. The attacker asks you to respond with your bank account number, SSN, and other personal bank details. If ever you fall for this, the attacker will have control of your bank account.
How vishing usually goes:
You receive a call from someone who claims he is a representative from your laptop provider.
They may inform you that a virus was detected on your computer. To install the supposed updated anti-virus software, they ask you to provide your credit card details.
Search Engine Phishing
While e-mail phishing is a classic scam, search engine phishing is a phishing scheme that rose with the internet. Also known as SEO poisoning or SEO Trojans, search engine phishing is usually orchestrated by hackers who work to become the top hit on a search in a search engine.
Since they appear as the top search result, victims will most likely click the link directing to the hacker’s website. That website is full of traps that steal your information or compel you to enter sensitive data.
There is always a tone of urgency and panic to these phishing messages, persuading the gullible ones to participate in their scheme unwittingly. For example, what you can do to protect your personal information is to stay vigilant, especially online, and secure your digital devices with cybersecurity software.
If you want to secure digital risk protection for you or your business, FraudWatch is the company you can trust. As the leading name in digital brand protection, we have been protecting client brands worldwide since 2003. Call us today to discuss our online brand protection services.