Phishing is a crime, and one that takes the least effort – for the most part, with the potential for high reward. The primary purpose of phishing schemes is to con people into giving out their private information by sending emails that look very legitimate. Whether it is requesting banking information, or the most common one, prompting a user with a warning that their email account or other account needs some attention; these type of emails are tricking you into providing your personal information under the guise of a potential problem with your username and password. And, the main goal is to steal data, employee information, and/or cash.
“What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It’s one of the oldest types of cyberattacks, dating back to the 1990s, and it’s still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.” – Josh Fruhlinger (CSO Online, 2017)
There are many types of phishing schemes that it makes it difficult for the common user to identify whether they are being targeted.
I’ve gathered and borrowed information from various sources which describe the many types of phishing attacks, to help you identify and recognize a phishing attack. The most common types of phishing schemes are: Mass-market email, spear phishing, whaling phishing, BEC phishing (Business Email Compromise), clone phishing, vishing, and snowshoeing.
Mass-market phishing: This is the most common form of phishing scheme. Someone sends you an email pretending to be someone else (Spoofing); instructing you to take action in one way or another, logging into a website, or downloading an attachment (usually malware). Primarily, these types of phishing attacks look like a service delivery notification, a warning message about passwords expiring, or a message about email storage quotas.
Spear phishing: These types of attacks target high value victims and organizations. Instead of targeting thousands of consumers, the attackers may find it more lucrative to target a selected number of individuals or businesses. A nation-state attack may target an employee working for another goernment agency, or a government official, to steal state secrets and large amounts of money in the process. Spear phishing attacks are highly successful, a lot of research time is spent, and carefully crafted information is gathered by the perpetrators in order to specifically target an individual or organization – such as referencing a conference receipt, or sending a malicious attachment where the filename makes reference to a specific topic of relevance to the victim.
According to CSO Online, a recent phishing campaign, Group 74 (a.k.a. Sofact, APT28, Fancy Bear) targeted cybersecurity professionals with an email pretending to be related to the Cyber Conflict U.S. conference, an event organized by the United States Military Academy’s Army Cyber Institute, the NATO Cooperative Cyber Military Academy, and the NATO Cooperative Cyber Defence Centre of Excellence. While CyCon is a real conference, the attachment was actually a document containing a malicious Visual Basic for Applications (VBA) macro that would download and execute reconnaissance malware called Seduploader.
Whaling phishing: This phishing attack targets specifically the top executives of an organization – the big fish, thus the term “Whaling”. Those potential victims are of high value, and their information can provide higher returns if successfully phished. Again we see another sophisticated phishing scheme, because in-depth research needs to be done by the attacker(s). These attacks come in the form of legal subpoenas, customer complaints, or executive level communications.
BEC phishing (Business Email Compromise): By impersonating financial officers and CEOs, criminals attempt to trick victims into initiating money transfers into unauthorized accounts.
Typically, attackers compromise the email account of a senior executive or financial officer by exploiting an existing infection or via a spear phishing attack (stealing username and password). The attacker lurks and monitors the executive’s email activity for a period of time to learn about processes and procedures within the company. The actual attack takes the form of a false email that looks like it has come from the compromised executive’s account being sent to someone who is a regular recipient. The email appears to be important and urgent, and it requests that the recipient send a wire transfer to an external or unfamiliar bank account. The money ultimately lands in the attacker’s bank account.
According to the FBI’s Internet Crime Complaint Center, BEC scams have generated more than $4.5 billion in actual and attempted losses, and they are a massive global problem. – F. Rashid (CSO Online, 2017)
Clone phishing: This type of attack requires the attacker to create a nearly identical replica of a legitimate message (We’ve seen many of those at work). The email is sent from an address resembling the legitimate sender, and the body of the message looks the same as a previous message. The only difference is that the attachment or the link in the message has been swapped out with a malicious one. The attacker may say something along the lines of having to resend the original, or an updated version, to explain why the victim was receiving the “same” message again. Some clone phishing go to the lengths into creating a cloned website to further trick the victim.
Vishing: Not all scams are targeted via email, recently, criminals have resorted to use phone calls to try to trick people into sharing information (Social Security Numbers, Bank Accounts and PIN, Credit Card Numbers, etc.) by pretending to be calling from Microsoft’s Support Center, the IRS office, bank, etc. The attack may leave you a message instructing you to call back to a number to “fix” your incident related issue. Again, the main purpose to steal personal information, and/or cash.
Snowshoeing phishing: Also called “hit-and-run” phishing attacks requires attackers to send out messages through multiple domains and IP addresses. Messages are sent at a low volume, so spam filtering technologies can’t recognize and block malicious messages right away. Some of the messages make it into your inbox before the filters identify to block the offending messages.
For most of the phishing attacks, the criminals leverage the use of social engineering to gather information about the company, or an individual in the case of whaling attacks, and also criminals are becoming more sophisticated with their tactics. Some criminals, have taken to use machine learning or artificial intelligence technologies. It is then more and more the responsibility of a savvy user to identify, and report these kinds of attacks. For example, spam filters are not useful against whaling and BEC attacks.
But how do you prevent phishing, or falling victim to a phishing attack?
It has become so much harder to identify a phishing attack nowadays. However, the best way to learn to spot phishing emails is to learn from examples of attacks captured in the wild. Check the video below for “How to Spot a Phishing Email” Since I work at Northwestern University, here are some examples of phishing emails that have been identified and blocked by our Information Security Office
There also are a number of steps you can take and mindsets you should get into that will keep you from becoming a phishing statistic, including:
- Always check the spelling of the URLs in email links before you click or enter sensitive information
- Watch out for URL redirects, where you’re subtly sent to a different website with identical design
- If you receive an email from a source you know but it seems suspicious, contact that source with a new email, rather than just hitting reply
- Don’t post personal data, like your birthday, vacation plans, or your address or phone number, publicly on social media
- If you suspect you have received a phishing scam email, don’t hesitate to contact your local IT Department, they are always looking forward to help you, and to help prevent the spread of such email scams.
Phishing is a social engineering attack and this technique is used to steal the sensitive data of the victim and attacker use the social media platform. There are many types of phishing attack such as pharming, spear phishing etc also can visit Fix Epson Printer Error Code 0x9d for more information in details.
Phishing is the biggest threat to this computer world so it is very essential to keep secure yourself from the phishing attack that for that you should have a proper idea about it. Phishing is a type of cyber attack which is used to obtain the sensitive data of the victim such as bank details, password, user ID et via social media platform also can check https://uaedatarecovery.com/data-recovery-for-apple-devices/ for more information in detail.
Phishing is nothing but the most used email scam and it has affected most of the users and the users have lost their online details and credentials. To know more https://emailsupports.net/fix-outlook-error-0x8004010f/
Phishing attacks are involved by fake websites, emails, social media accounts, messages, which look like they come from a trusted entity. for example, you may receive an email that looks like it’s from your cryptocurrency wallet provider asking you to log-in and after login, all the details will be caught by the attackers also can check windows error 80070103 for more information in detail.
“The email appears to be important and urgent, and it requests that the recipient send a wire transfer to an external or unfamiliar bank account.”…It’s over. thanks for interesting share about that.
Phishing is the biggest threat to this computer world so it is very essential to keep secure yourself from the phishing attack that for that you should have a proper idea about it also can check windows 10 startup folder not working for more information in details.
That is why, we need to be careful all the times, especially in doing online transaction and opening some emails. Better to check the website address if it is legit.
visit website
his type of attack requires the attacker to create a nearly identical replica of a legitimate message
Phishing is a crime, and one that takes the least effort
sending a malicious attachment where the filename makes reference to a specific topic of relevance to the victim
It has become so much harder to identify a phishing attack nowadays. However
The primary purpose of phishing schemes is to con people into giving out their private information
Indeed its a very common way of attack. But I am sure that yahoo has the capability to stop all the phishing attacks.
Thank you for your comment, much appreciated!
I believe that email providers are getting better at stopping phishing, but there’s always the human factor that comes into play. You can have all the best security technology and blocks available, but if someone falls for a phishing email, no amount of technology is going to prevent that. No email is created equal, and there’s always someone out there trying to circumvent or break those blocks.
Thanks for sharing the valuable information with us.
I get to know some useful ideas about phishing here. This type of information is very rare. Thanks for sharing. It helps me to work for Satta King Company, the popular platforms
You can have all the best security technology and blocks available, but if someone falls for a phishing email, no amount of technology is going to prevent that
but there’s always the human factor that comes into play
Good article i love it, It was a nice post
Important not to post personal data, like your birthday, vacation plans, or your address or phone number, publicly on social media
The primary purpose of phishing schemes is sending a malicious attachment where the filename makes reference to a specific topic of relevance to the victim. security technology and blocks available, but if someone falls for a phishing email
thanks for sharing
Yes, currently there are a lot of crimes online. As obtained by at that time we stupidly entered the user and pass to the unknown web
Increasingly, phishing is becoming more and more spread by irresponsible hackers.
Take care of your social media accounts so they don’t happen again like konveksi tas jogja who got phishing attacks
It is very interesting that this discussion makes me have to be careful when viewing sites that are not clear.
Hi there! I just would like to give you a big thumbs up for the great information you have here on this post. I am returning to your website for more soon.
Very Nice Blog Thanks for sharing This Useful information.
Regardless of what the student’s needs are, they can find support through online paper help services. This will guarantee that they do well in school and their instructive improvement will progress at a movement that they are skilled to deal with.
Yes, currently there are a lot of crimes online. As obtained by bad websiete at that time we stupidly entered the user and pass to the unknown web
In 2018 I faced a phishing attack through Graphics URL link but thank god I’m saved
Thanks
Good Job, I like it Article
I am very glad to read your article , I appreciate your work .
Thanks for article sharing
well explained article, write more about Windows security flaws!
If you suspect you have received a phishing scam email, don’t hesitate to contact your local IT Department
Wonderful stuff you have shared with us.
Great article. Thanks for sharing.
Phishing is one of the most common methods of cyber crime, but despite how much we think we know about scam emails, people are still falling victim.
Effective phishing awareness programs have been proven to reduce risk by up to 80%, emphasising the point that you cannot depend on technical defences alone.IF AN EMAIL SEEMS PHISHY. THEN IT PROBABLY IS!
I really loved the article its full of some amazing information. But can we keep our hotmail account safe from phishing websites or tricks?
Unfortunately, anything that has an online presence is vulnerable to attacks. Phishing can take many forms, and perhaps the best solution is to be aware and educated on how to spot a spam/phishing email from a legitimate one.
Amazing
Howdy, i read your blog occasionally and i own a similar one and i was just curious if you get a lot of spam feedback? If so how do you reduce it, any plugin or anything you can advise? I get so much lately it’s driving me mad so any support is very much appreciated. facebook
Thank you for reading my blog. I do receive a lot of spam feedback, I haven’t investigated into a plugin to block/reduce the spam; I’ve taken the painstaking task of marking what seems to be junk as such. If I do find something, I will gladly share it. – Cheers!
Whether you’re looking to dress up an outfit or just add a touch of flair to your everyday look, adoro has the perfect shoe for you! With unbeatable quality
Follow me : pabrik tas