There are various types of phishing attacks. However, in this article, we will determine the most common. type of phishing attack is always determined by the motive behind the phishing attack and who the phishing attack is being launched on. What does the attacker want to achieve? Who is he launching the phishing attack on? Is the person an executive director of a large famous entity, is the campaign meant to harm everybody because the attacker wants to steal information from a large group of people? Today let’s digest the various forms of phishing attacks so that we can employ weapons to defend ourselves
Deceptive phishing as one of the types of phishing attacks
Among the types of phishing attacks, deceptive phishing is the most common. With this type of phishing, attackers pretend to be from a reputable entity to steal people’s information such as passwords, ATM Card details, user names etc. An attacker will decide to simply create a fake link that may look like that of a famous entity. These fake links are often from attacker websites that have domains close to the legit website.
Spear phishing
One of the types of phishing attacks where the sender is specific is spear phishing. With spear phishing, the target is more specific to a particular individual to achieve a specific goal. Attackers often customize their emails with the target’s name, email address, email signature, position, and work phone number in order to trick the recipient into believing that the email is legitimate. The details of the victim are got from social media profiles in most cases.
Have you ever received a text message that is prompting you to click a malicious link? if yes that was an act of smashing. With smishing, the attacker sends a malicious link through texts. This can be in the form of a promotion that may be aimed enticing the victim into clicking a link which is not there. The aim of smashing is usually to trigger the download and installation of a malicious app that will infect the user’s device or lead him to be monitored. Sometimes they may be tricked into clicking a link to a form where the user will enter their data
Whaling
If you are a reputable figure in your organization such as a CEO, ED, etc, you are prone to whaling because you hold the heart of the company. With your signature, transactions in the bank get approved, properties are sold, people get employes. What is whaling? Whaling is the type of phishing where attackers send links with an aim of compromising an account of a big figure in an entity. This is done in order to steal the login details of the person. Once the attackers have managed to steal the details, they now carry out the attack to their advantage. They may use the account to launch transcations, approve employees, share sensitive documents that can bring down an entiy
Vishing
Vishing is one of the easiest phishing campaigns to launch. Even the uneducated carry out phishing campaigns. In Uganda, attackers normaly pretend to be calling from telecommunication companies asking for payments of expired services. With this type of phishing, the attacker uses a phone call to carry out the attack instead. Because people have discovered the tricks of scammers. attackers nowadays create a Voice Over Internet Protocol to make themselves sound reputable
Pharming
Attackers have adopted cache poisoning towards Domain Name Systems(DNS) instead of carrying out the usual phishing attacks. DNS system is used by the internet to convert alphabetical names into Domain IP addresses so that it can locate and direct visitors to services. With pharming, an attacker is able to change the IP address of a website and direct visitors to a malicous site. Attackers send emails containing a micture of benign and malicous code which modifies the host files. The host files redirect the URL to the attackers website
Angler phishing
With angler phishing, the attackers often create fake social media posts in order to lure the victim on clicking a phishing link that will entice the user to take action. In 2023, there was a job advert that was created by an attacker and it looks like a world vision job advert but it wasn’t. Sometimes scammers pretend to be from a reputable orgnization in the comment section. Once they engage with a desperate customer, they are able to access his personal information from his inbox
The goal of every phishing attempt is to steal information that will lead to compromise. Follow the procedures of preventing phishing in order not to fall victim. Learn that day by day, the world is gaining knowledge on how to prevent phishing and the more it does, the more attackers draft new ways of launching campaigns for successful attacks.
Leave a Reply