You might be surprised at how much there is to learn when it comes to understanding sophisticated phishing schemes.
Here at SiliconRepublic.com we have written a fair bit about phishing schemes, what they are, how they affect individuals and organisations, and how you can recognise the warning signs. In keeping with our coverage, now it is time to discuss the various types of phishing attempts, because knowledge is power and you may be shocked at how many different kinds of schemes there actually are.
Email phishing
This is perhaps the best-known phishing scheme and typically refers to a scenario where a person receives an email from a disreputable source. The goal is usually to compel the individual to either share sensitive information or download malware by clicking on links or being redirected to a fraudulent web page.
Often it can appear as though the email has come from a widely known organisation and it is likely that you are one of hundreds, thousands or potentially millions to receive that message.
Spear phishing
Spear phishing is defined as an attack that is specifically tailored to an individual or organisation and is carried out via methods of communication such as phone calls, texts, emails and online messaging apps.
Typically, the aggressor will have prior knowledge of the person or group they are targeting and will have one or all of the following: their name, place of employment, job title, email address, specific details about their role and even aspects of their network, such as friends, family and co-workers.
This information makes it easier to manipulate the target and convince them that the prompted action is necessary or safe.
Smishing and vishing
Smishing is a scam that depends on SMS messaging, while vishing, or voice phishing, is carried out through phone conversations. Traditionally, the target will receive what purports to be an official call, text or voicemail from an authoritative body, such as the bank, the tax office or a financial app, claiming that immediate action needs to be taken to secure their account or funds. This likely involves sharing account information and sensitive data, and transferring money or other resources.
Pharming
Pharming is a term used to describe when a malicious actor uses code to redirect the target to a fraudulent website for the purpose of obtaining sensitive information. Often the counterfeit website will imitate a legitimate one and the target might unwittingly divulge personal details such as passwords and credit card numbers, without realising that the site is a fake.
It can be a particularly insidious method as, unlike email or spear phishing, pharming depends on malicious code and a hacker-controlled website, meaning it can completely skip the step that requires the victim to click on a dangerous link.
Evil twin phishing
Speaking of insidious, evil twins are also an issue when it comes to identifying an elaborate phishing scheme. This is where a skilled unethical hacker mimics a Wi-Fi network that appears safe and familiar. When the unsuspecting users log in, the hacker can access and store their private information.
While this can happen on any device that is made vulnerable, it is typically a ploy used against people utilising public Wi-Fi, as those systems are far easier to compromise. A good rule of thumb is to avoid using public networks where possible, but if you have to, make sure to use a VPN or other protective software.
Watering hole phishing
Watering hole phishing is a form of cyberattack wherein hackers target multiple unwitting people in order to access a certain network. The name comes from the real-life hunting tactic where predatory animals lie in wait at watering holes to pounce on unsuspecting prey. Hackers target a website commonly used by a group associated with the network they are aiming to penetrate and infect its users with malware.
The purpose of the attack is usually to steal financial information, personal details and intellectual property from an organisation. While this kind of attack tends to be rare, research suggests that it can be highly successful as it is difficult to detect and prevent.