Support: 020 3551 6272   Office: 020 3551 6262   support@ratcliff.it
Post Image

The Different Types of Phishing Attacks You Need to Know About

Ratcliff IT has recently been answering your question ‘what is phishing’ and what we can do to prevent attacks. It’s imperative to be aware of the most common email tricks to keep an eye out for so that your team can be alert to any possible danger. While there are some key tell-tale signs of phishing emails to be aware of, it’s also worth looking more in-depth into the different types of phishing emails that are out there.  

What is phishing 

Just to recap, phishing attacks are the most common form of cyber threat that we all face. Hackers target thousands of individuals and organisations worldwide every single day. These attacks are used to deceive individuals into divulging sensitive data or granting access to unauthorised users.  

Types of phishing 

Phishing attacks are becoming increasingly sophisticated. There is no one golden rule to avoid all phishing attacks – sadly, they are evolving and changing as time goes on. Remaining alert and educated to the threats that face your business is crucial.  

Email phishing  

The most common type of phishing attack is via email. These come from a fake domain that has been cleverly worded so that it tricks people into believing it is legitimate. For example, you might receive an email from ‘rnicrosoft’ and not realise at a glance that the hacker has typed ‘r’ and ‘n’ instead of the correct spelling of Microsoft.  

Always keep a vigilant eye on the email address that you receive an email from. It’s always worth clicking to expand when you check emails on your phone to be sure that it is from the correct domain.  

Spear phishing 

This type of phishing attack is also via email, but spear phishing is more targeted than generic phishing emails. They target a specific individual and will already have information about that individual to make the attack more personal.  

The kind of information they have to trap the victim is often: their name, their job title, email address, specific information about their work etc.  

When people are shown information about their job via email, they are more likely to think it is from a colleague or legitimate with regards to their organisation.  

Whaling 

Like spear phishing, whaling cyber-attacks also use emails but are even more targeted and detailed. They usually aim for senior employees in an organisation to access higher sensitivity information. The data they have can include anything from full names, addresses, National Insurance numbers or tax forms that include all of the above.  

Smishing and vishing  

No, it’s not a made-up term – this is a real thing! Smishing and vishing refer to telephone phishing scams, rather than email scams. Smishing is when the attack comes in the form of a text, whereas vishing is when it is via a phone call.  

As with phishing emails, the aim is also to get sensitive information, usually around making a payment to the hacker’s account without them realising.  

Angler phishing 

This is the newest form of phishing attacks that uses fraudulent and malicious online platforms. For example, the hacker might go to the effort of creating or cloning and entire website or social media account.  

If a hacker can get into someone’s world on social media, they can encourage a victim to download malicious software to access all their data.  

People share a lot on their social media accounts, believing that they are secure. However, it is so essential to ensure that your privacy settings are up to scratch, and you aren’t connected with fake accounts.  

Viruses can infect victims on a large scale. By just infecting one victim’s account, hackers can much more easily spread malicious software and retrieve data from all their friends too.  

How to prevent phishing 

One of the most efficient ways of preventing phishing attacks is to ensure that your team are educated, informed and alert. Knowing which red flags to look out for makes all the difference.  

Even if your team have had cybersecurity training in the past, as we’ve seen here, the attacks are ever-evolving. It’s vital to retrain regularly and audit your processes to ensure that you are alert to new threats.  

Keep your staff and your customers safe. 

Start becoming a security-aware workplace today.  

References: https://www.itgovernance.eu