Common Types of Phishing Attacks

Aug 06, 2020

Common Types of Phishing Attacks

BY Chris Henderson

Cybersecurity

It seems that cybercrime has become a part of everyday life, and hackers are using any opportunity to take advantage of an unknowing victim to gain access to personal information for financial gain. As gatekeepers to the data of today’s small and medium businesses (SMBs), managed service providers (MSPs) are also becoming increasingly targeted by these attackers.

Some social engineering attacks are more obviously a scam than others. Education and cybersecurity training can mean the difference between compromised credentials and a failed attempt by a hacker.

One commonly used cyberattack is phishing. Phishing is an umbrella term for attacks that are typically delivered in the form of an email, chat, web ad, or website that has been designed to impersonate a real person, system, or organization. Phishing messages are crafted to deliver a sense of urgency or fear with the end goal of capturing an end user’s sensitive data and can result in wire transfer fraud, credential phishing, malware attachments, and URLs leading to malware spraying websites.

Here are a few different types of phishing attacks to keep an eye out for.

Spear Phishing

Spear phishing is an attempt to gain access to credentials or financial information from a targeted individual. Attackers pass themselves off as someone the target knows well or an organization they’re familiar with to gain access to compromising information and exploit the victim. These attacks are purposefully crafted to target a specific user or small group of users. They are typically crafted after research of the target has occurred, resulting in a more personally relevant phishing attack.

Whaling

Whaling is a form of spear phishing with a focus on a high-value target, meaning the fraudulent communication comes from a senior employee within an organization, to boost credibility. This approach also targets other high-level employees within an organization as the potential victims, and includes an attempt to gain access to company platforms or financial information. These attacks employ the same methods as spear phishing attacks.

Mass Campaigns

Mass phishing campaigns cast a wider net than the targeted techniques of spear phishing and whaling. True to their name, they are sent to the masses in an effort to convince a subset of the wide net to fall victim to their efforts. Typically, these are sent via email from a knock-off corporate entity insisting a password needs to be updated or credit card information is outdated. The damage caused by falling victim to a mass campaign may not be as immediately evident as more targeted attacks as there is a lag time between the successful attack and sale of the data obtained in the attack.

Ambulance Chasing Phishing

This form of phishing is commonly a mass campaign, but can also be spear phishing. With ambulance chasing phishing, attackers will play off of current crises to drive urgency for victims to take action that will lead to compromising data or information. For example, targets of this form of phishing may receive a fraudulent email encouraging them to donate to relief funds for recent natural disasters or the COVID-19 global pandemic.

Pretexting

Pretexting is a highly effective method of phishing as it reduces human defenses by creating the expectation that something is legitimate and safe to interact with. Pretexting involves an attacker doing something via a non-email channel to set an expectation that they’ll be sending something seemingly legitimate in the near future. For example, attackers may call and leave a voicemail acting as a vendor saying that their contract will be sent shortly via email. Then, an email pertaining to the voicemail will be sent containing malicious links.

These are just a few of the ways malicious actors will try to exploit businesses and their unknowing employees to gain access to credentials and financial information. To stay ahead of the curve, it’s crucial to educate your clients on the risks they face as the cybersecurity landscape continues to evolve and hackers become more sophisticated.

The Essential Cybersecurity Toolkit for SMBs

This great cybersecurity toolkit will grant you access to the tools needed to educate SMBs about protecting their business (and data) from this growing threat before it’s too late.

Read More

Subscribe to the Blog