Phishing is one of the most common social engineering attacks, used by cybercriminals to trick users into providing sensitive information or installing malware on their systems. According to the FBI, Phishing was the most commonly conducted cybercrime in 2020; the number doubled from 2019 to 2020.
Though the final goal is the same, i.e., to attack victims psychologically, the attackers use different means to conduct Phishing.
Depending on the way it is conducted, Phishing can be categorized into various types. In this post, we will discuss the five most popular types of Phishing attacks.
Phishing through email is widespread among cyber attackers because thousands of users can be targeted at once. The Phisher behind the email generally tries to deceive users by sending intriguing offers or fake virus alerts.
Out of greed for the offer or fear of viruses, most recipients do exactly what the email instructs, and thus either provide their confidential information or install malware disguised as an antivirus program that claims to remove viruses.
While in Email Phishing emails are sent to a large number of people at once, in Spear Phishing the cybercriminals target specific people through emails. To do that, the attackers research the target person extensively and learn details such as name, job, place of employment, job title, email address, bank, and more.
After gathering all the details, they trap the targets by sending an email that pretends to come from their seniors or from their bank. The targeted emails are designed carefully so that victims do not doubt them.
In this type of Phishing, the domains of popular eCommerce sites and banks are copied and modified to look exactly like the original URL so that users mistake them for the official sites; for example, amazon.com is spoofed as amzn.xyz. After spoofing a domain, the attackers send users unsolicited links and ask them to click on them to get offers and deals.
The attackers even design web pages similar to the website they have copied. In addition, the Phishers send emails from addresses created on the spoofed domain so that the email appears authentic and official.
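The imitation described above (amazon.com spoofed as amzn.xyz) can be screened for on the defender's side, for instance in a mail gateway or link filter. The following is an added example, not part of the original post; the PROTECTED allow-list, the function names and the thresholds are assumptions chosen for illustration.

```python
# Added example: flag domains that imitate a protected brand.
# PROTECTED is a constructed allow-list (assumption). Production code should
# use the Public Suffix List instead of labels[-2] to find the registrable name.
PROTECTED = {"amazon": "amazon.com", "spotify": "spotify.com"}
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_abbreviation(short: str, brand: str) -> bool:
    """True if `short` keeps the brand's first letter and only drops letters."""
    it = iter(brand)
    return (3 <= len(short) < len(brand) and short[0] == brand[0]
            and all(ch in it for ch in short))  # in-order subsequence test


def classify(domain: str) -> str:
    """Return 'official', 'lookalike:<brand>' or 'unrelated' (heuristic)."""
    domain = domain.lower().rstrip(".")
    for official in PROTECTED.values():
        if domain == official or domain.endswith("." + official):
            return "official"
    labels = domain.split(".")
    label = labels[-2] if len(labels) > 1 else labels[0]
    normalized = label.translate(DIGIT_SWAPS)
    for brand in PROTECTED:
        if (brand in normalized                            # amazon-deals.xyz
                or edit_distance(normalized, brand) <= 1   # amaz0n.com, amazonn.com
                or is_abbreviation(normalized, brand)      # amzn.xyz
                or any(brand in l for l in labels[:-2])):  # amazon.com.offers.xyz
            return f"lookalike:{brand}"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample domains, not observed indicators.
    for d in ["amazon.com", "amzn.xyz", "amaz0n.com", "example.org"]:
        print(d, "->", classify(d))
```

The checks are heuristics and will produce some false positives, so a hit is best treated as a reason to warn or quarantine rather than as proof of spoofing.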
Smishing, or SMS Phishing, is a type of Phishing in which the Phishers fool users by sending fake offers through SMS. The links shared through Smishing are generally malicious and redirect users to download fake apps containing malware.
The attackers trick users by framing catchy text messages, for example: "Get 50% Off on your next purchase at Amazon. Click here to avail the offer" or "Get Spotify Premium for Free. Click this link to download."
Yes, you guessed it correctly. Just as SMS Phishing is Smishing, Voice Phishing is Vishing. Vishing is Phishing conducted through calls. The professional Phisher calls the targets pretending to be some official and deceives them into providing sensitive information such as bank details or other essential credentials.
Most banking frauds are conducted through Vishing, in which the attacker pretends to be a banking official, calls the victims, tricks them into providing the card details, and wipes out their money.