Phishing, the practice of sending messages designed to obtain data from the recipient, was on the rise in 2021, and we don’t expect it to go away any time soon.
Most people associate phishing with emails, but phishing attacks can also be done via SMS or social media.
Emails have been the most common channel for phishing because virtually everyone has an email address and they’re easy to find on the web.
Where phishing attacks differ is in their targets and approaches.
We share four different types of phishing everyone should recognize in 2022 and tips on how to spot that someone is phishing you.
1. Deception Phishing
Deception phishing is the most prevalent form of a phishing scam. You can recognize it by the short URL in the body of the email and a couple of sentences urging you to fulfill a request right away.
There are two ways deception phishing can succeed:
- You click the URL, which installs an app containing malware on your device and grants access to hackers
- Hackers scare you into revealing your passwords by creating a sense of urgency
This phishing attack is the most common kind because it’s low effort but highly effective. Malicious actors only have to compose one email, send it to as many people as possible, and wait until someone takes the bait.
This type of attack is also known for impersonating authorities or famous brands. You might get a fraudulent email concerning COVID-19 or a message from what you might believe is the Netflix team.
Most businesses have email filters that redirect phishing emails to the spam folder, but cybercriminals are getting savvier by the minute and often find ways to bypass them.
Dead giveaways of email phishing are generic greetings, spelling mistakes, short emails with brand images, and short links.
2. Spear Phishing
Spear phishing has a higher success rate than deception phishing because the messages are personalized for an individual or a small group. This type is common in corporate environments.
Cybercriminals find your email or social media, learn more about you via LinkedIn, and craft a message that targets you specifically – often based on your position within the company.
They’re highly selective of their targets. The process of choosing the right victim includes learning not only about you but about another employee they intend to impersonate.
Unlike most phishing attacks that want you to open an attachment or click on the link they sent you in an email, this attack relies on you taking action that damages the company.
Clues that you might be a target of spear phishing include receiving an unreasonable request from a coworker or vendor, and a sender email address that doesn’t end in the expected letters (e.g. co instead of com).
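The giveaways listed above for deception phishing (generic greetings, short links) and for spear phishing (a sender address that doesn’t end in the expected letters) can be checked automatically. The following Python code is an added example, not part of the original article; the domain example.com, the shortener list, the greeting list and the sample messages are assumptions constructed for illustration, and it handles plain-text, non-multipart emails only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your own organisation's data.
EXPECTED_DOMAINS = {"example.com"}                    # domains colleagues really mail from
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}   # sample list, not exhaustive
GENERIC_GREETINGS = ("dear customer", "dear user", "dear sir")

def edit_distance(a, b):
    """Levenshtein distance; catches near misses such as .co for .com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_clues(raw_email):
    """Return the article's giveaways found in a plain-text (non-multipart) email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload().strip()
    clues = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Close to an expected domain but not equal to it: likely impersonation.
    if domain not in EXPECTED_DOMAINS and any(
            edit_distance(domain, d) <= 2 for d in EXPECTED_DOMAINS):
        clues.append("lookalike-sender-domain")
    if body and body.splitlines()[0].lower().startswith(GENERIC_GREETINGS):
        clues.append("generic-greeting")
    hosts = re.findall(r"https?://([^/\s]+)", body)
    if any(h.lower() in SHORTENER_HOSTS for h in hosts):
        clues.append("short-link")
    return clues

# Constructed sample messages (not real emails).
SPOOFED = """From: Pat Lee <pat.lee@example.co>
Subject: Urgent invoice

Dear customer,
Approve this payment today: https://bit.ly/EXAMPLE
"""
LEGIT = """From: Alex Kim <alex.kim@example.com>
Subject: Weekly report

Hi Sam,
The report is at https://example.com/reports/weekly
"""
```

Calling phishing_clues(SPOOFED) reports all three clues, while phishing_clues(LEGIT) reports none.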
3. Whale Phishing
Whale phishing impersonates higher-ups within the company and encourages you to take immediate action.
Malicious actors find information about CEOs or other senior members and send other employees emails on their behalf. They might require a wire transfer, login information, etc.
This type of attack is effective because you don’t think twice if you get an email from your boss or other senior members of the company.
You can recognize whale phishing because it’s likely you’ll get an email from a senior member with whom you don’t communicate regularly or by spotting an unreasonable request.
4. Smishing Phishing
Smishing phishing primarily targets mobile devices. Malicious actors send out an SMS to their targets. The text contains links or urges them to reveal sensitive personal information.
Links in smishing messages might trigger the download of malicious apps or lead you to a website designed to obtain your information – all to acquire access to your phone.
They also might ask you to change the delivery address of the item you ordered or contact customer support. On the other side of customer support will be a scammer who’s trying to get you to reveal your personal information.
Avoid getting scammed by smishing texts by:
- Checking if the address-change request matches the status of your parcel on the official website of the company
- Double-checking an unusual area code
How to Avoid Phishing
A couple of tweaks you can make right away to make your network more secure from phishing include:
- Installing a firewall to fend off attacks even before they reach your network
- Installing an anti-virus to warn you that there might be a virus within your system
- Investing in basic cybersecurity training for your employees that teaches them to recognize common types of phishing such as email phishing