Types Of Phishing Attacks And How To Stay Safe Online


Since the most of the new normal in our day to day lives consist of a healthy work from environment, one has to be careful and attentive when it comes to being safe online.  

What Is Phishing? 

Phishing is a simple tool that hackers use for deceiving people into handing over sensitive information or trick the users into downloading users’ harmful software. Hackers constantly innovate attractive and smart ways into tricking users to develop new types of phishing attacks to steal sensitive information that is valuable to you. Phishing is deliberately misleading and disguised as communication sent from legitimate sources. If you “bite” and follow the link, hackers can then steal information such as passwords, account numbers, or passport details. With this information, criminals can make purchases online, steal money, or commit identity theft. Here are different types of phishing attack that you need to self-protect yourself from;  

Deceptive Phishing: This is the most common type of scam. Fraudsters copy a legitimate company to steal personal data or login credentials. They use emails as threats creating a sense of urgency to scare the users and making them do what the hackers want. They use legitimate links into their deceptive emails. The hackers use “time bombing” strategy to redirect users to a phishing landing page. Only after the email has been delivered, victims have forfeited their credentials, the campaign then redirects victims to a legitimate web page. They use minimal email content.  

Spear Phishing: These hackers use personal touch into fooling the user to share their important details. In this type of ploy, fraudsters customize their attack emails with the target’s name, position, company, work phone number, and other information to trick the recipient into believing that they have a connection with the sender. Yet the goal is the same as deceptive phishing. Most of the attackers get these details via social networking sites.  

Whaling: The logic behind whaling attack is that fraudsters harpoon a senior level executive and steal their log in details. They choose a CEO to conduct this type of fraud. They infiltrate the executives account details to authorize fraudulent wire transfers to a financial institution of their choice. Alternatively, they can leverage that same email account to conduct phishing in which they request information for all employees so that they can file fake tax returns on their behalf or post that data on the dark web. 

Vishing: This type of attack goes out via an email and goes for placing a phone call. An attacker can perpetrate a vishing campaign by setting up a Voice over Internet Protocol (VoIP) server to mimic various entities in order to steal sensitive data and/or funds. They disguise their phone number and makes it look like its coming from a legitimate phone number.  

Smishing: Not only calls, users can be tricked into a cybersecurity attack by receiving SMS with malicious links attached. These links to trigger the automatic download of malicious apps on victims’ mobile devices. Those apps could then deploy ransomware or enable nefarious actors to remotely control their devices. 

Pharming: In this type of a cybersecurity attack, hackers send out emails containing malicious code that modifies host files on the recipient’s computer. Those host files then redirect all URLs to a website under the attackers’ control so that they can install malware or steal a victim’s information.  

To ensure that you don’t fall prey to what looks like a phishing attack, here are a few tips to keep in mind; 

  • Be aware of the weird activities and be smart when working online. Make a habit of being aware of what you are clicking into.  
  • Never share any information online unless it is absolutely necessary. Make sure your websites are trusted. 
  • Change and modify your passwords regularly. Do not share them with everybody and change them every six months.  
  • When your browser gives a new update, don’t delay it for eternity. Firewall and antispyware should be used to be safeguarded from the threats of a phishing attack. 
  • When you notice something suspicious, don’t just ignore it. Be conscious of others who might face it and report it right away.