
Types of phishing attacks


The type of phishing attack is always determined by the motive behind the attack and by who it is launched on. What does the attacker want to achieve? Who is he targeting? Is the target an executive director of a large, famous entity, or is the campaign meant to hit everybody because the attacker wants to steal information from a large group of people? Today let’s digest the various forms of phishing attacks so that we can employ weapons to defend ourselves.

Deceptive phishing

Deceptive phishing is the most common phishing attack. With this type of phishing, attackers pretend to be from a reputable entity in order to steal people’s information such as passwords, ATM card details, usernames, etc. An attacker will simply create a fake link that looks like that of a famous entity. These fake links often point to attacker websites whose domains are close to that of the legitimate website.

With this type of phishing, attackers are fond of copying and pasting source code from the websites of reputable organizations and adjusting the database that stores information so that they can access what the user enters through login forms. On inspection, the website is often similar to the legitimate one, and victims who are not keen may not even notice. An example of deceptive phishing is an attacker creating fake LinkedIn pages and then circulating them to various email addresses so that victims are lured into applying for a job.
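A defender can screen links for domains that sit close to a protected brand, as described above. The following is an added example, not code from the original article; the brand list (apart from linkedin.com, the article's example), the character-swap table and the distance threshold are assumptions chosen for illustration.

```python
import unicodedata

# Brands to protect. linkedin.com is the article's example; the rest are
# constructed sample values.
PROTECTED = ["linkedin.com", "paypal.com", "example-bank.com"]

# Character swaps often used to make one domain look like another
# (illustrative table, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Reduce a domain to a canonical visual form for comparison."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))  # strip accents
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_domain(domain: str, max_distance: int = 2):
    """Return (verdict, brand); verdict is 'legit', 'lookalike' or 'unknown'."""
    domain = domain.lower().rstrip(".")
    for brand in PROTECTED:
        # The brand itself or one of its own subdomains.
        if domain == brand or domain.endswith("." + brand):
            return ("legit", brand)
    skel = skeleton(domain)
    for brand in PROTECTED:
        name = brand.split(".")[0]
        # Near-identical spelling (typo or swapped characters).
        if edit_distance(skel, skeleton(brand)) <= max_distance:
            return ("lookalike", brand)
        # Brand name placed inside the labels of a different domain.
        if any(name in label for label in skel.split(".")):
            return ("lookalike", brand)
    return ("unknown", None)
```
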

Spear phishing

With spear phishing, the target is a particular individual and the attack is meant to achieve a specific goal. Attackers often customize their emails with the target’s name, email address, email signature, position, and work phone number in order to trick the recipient into believing that the email is legitimate. In most cases, the details of the victim are obtained from social media profiles. With a customised profile, the other workers in the organization will believe the email is real and then fall victim. If an organization has a Communications Officer, the attacker will customize his email to look like that of the Communications Officer and then forward it to the accountant.

Smishing

Have you ever received a text message prompting you to click a malicious link? If yes, that was an act of smishing. With smishing, the attacker sends a malicious link through text messages. This can be in the form of a promotion aimed at enticing the victim into clicking a link to an offer that is not there. The aim of smishing is usually to trigger the download and installation of a malicious app that will infect the user’s device or lead to him being monitored. Sometimes victims may be tricked into clicking a link to a form where they will enter their data.

Whaling

If you are a reputable figure in your organization such as a CEO, ED, etc., you are prone to whaling because you hold the heart of the company. With your signature, transactions in the bank get approved, properties are sold, and people get employed. What is whaling? Whaling is the type of phishing where attackers send links with the aim of compromising the account of a big figure in an entity. This is done in order to steal the login details of the person. Once the attackers have managed to steal the details, they carry out the attack to their advantage. They may use the account to launch transactions, approve employees, or share sensitive documents that can bring down an entity.

Vishing

Vishing is one of the easiest phishing campaigns to launch. Even the uneducated carry out phishing campaigns. In Uganda, attackers normally pretend to be calling from telecommunication companies asking for payments for expired services. With this type of phishing, the attacker uses a phone call to carry out the attack instead. Because people have discovered the tricks of scammers, attackers nowadays use Voice over Internet Protocol (VoIP) to make themselves sound reputable.

Pharming

Attackers have adopted cache poisoning against the Domain Name System (DNS) instead of carrying out the usual phishing attacks. DNS is used by the internet to convert alphabetical domain names into IP addresses so that it can locate services and direct visitors to them. With pharming, an attacker is able to change the IP address that a website’s name resolves to and direct visitors to a malicious site. Attackers send emails containing a mixture of benign and malicious code which modifies the hosts file. The hosts file then redirects the URL to the attacker’s website.
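Because the pharming technique above relies on tampered hosts file entries, a defender can audit that file for overrides of real hostnames. This is an added example, not code from the original article; the sample hosts content, the watched domain list and the severity labels are constructed for illustration.

```python
import ipaddress

# Constructed hosts-file content for the demo (not taken from a real system).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 203.0.113.9 commented.example
0.0.0.0     ads.tracker.example      # blocklist-style sinkhole entry
203.0.113.50 www.example-bank.com example-bank.com
198.51.100.7 login.linkedin.com
not-an-ip   broken.example
"""


def audit_hosts(text: str, watched=("example-bank.com", "linkedin.com")):
    """Return (line, severity, host, ip) findings for suspicious entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], None))
            continue
        for host in fields[1:]:
            host = host.lower().rstrip(".")
            hit = any(host == w or host.endswith("." + w) for w in watched)
            if hit:
                # Any local override of a watched domain is reported.
                findings.append((lineno, "high", host, str(ip)))
            elif ip.is_loopback or ip.is_unspecified:
                continue  # local names and sinkhole entries
            else:
                findings.append((lineno, "review", host, str(ip)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real machine, pass in the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` instead of the sample text.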

Angler phishing

With angler phishing, the attackers often create fake social media posts in order to lure the victim into clicking a phishing link that will entice the user to take action. In 2023, there was a job advert that was created by an attacker; it looked like a World Vision job advert, but it wasn’t. Sometimes scammers pretend to be from a reputable organization in the comment section. Once they engage with a desperate customer, they are able to access his personal information from his inbox.

The goal of every phishing attempt is to steal information that will lead to compromise. Follow the procedures of preventing phishing in order not to fall victim. Learn that day by day, the world is gaining knowledge on how to prevent phishing and the more it does, the more attackers draft new ways of launching campaigns for successful attacks.
