Phishing is an attempt to obtain private information such as usernames, passwords, and credit card information from innocent victims online. Solely for malicious reasons by disguising as a trustworthy entity in an electronic communication.
The daily increase in usage of the internet coincides with the rise in phishing. Over 58% of organizations have seen a significant increase in phishing attacks over the last year. Despite that increase, most companies don’t feel prepared to protect themselves against phishing scams.
6 Most Common Types of Phishing Scams
Deceptive phishing refers to an attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information for login credentials. The emails they send frequently use threats and a sense of urgency to scare users into doing what the attacker is requesting.
For example, PayPal scammers might send out a message that instructs you to click on a link to rectify a discrepancy with your account. The reality is the link leads to a fake PayPal login that collects your login information and sends to scammers.
Spear phishing is a more personal attack on the victim. These fraudsters customize the attacks with the target’s name, position, company, work phone number, and any other information in an attempt to trick you into believing that they have a connection to the email sender.
The goal is to lure the victim into clicking on a fraudulent URL or email attachment so that they will hand over their data. This type of phishing is most typical of social media sites such as LinkedIn, where attackers have the use of multiple sources of information to create a targeted attack email.
This type of attack targets top executives in organizations. This is known as a “whaling attack,” where the fraudsters attempt to harpoon an executive and steal their login credentials.
If they are successful in their attack and gain the login credentials, the next step is to impersonate the executive and abuse the individual’s email to authorize fraudulent wire transfers to a financial institution of the fraudsters choice.
Users are becoming savvy to traditional phishing scams; some scammers are abandoning the idea of “baiting” their victims entirely. They are now resorting to “pharming,” which is an attack that stems from a domain name system (DNS) cache poisoning.
Under a DNS cache poisoning attack, this type of phisher targets a DNS server and change the IP address associated with an alphabetical site address This means that an attacker can redirect users to a fraudulent website of their choice even if the victims entered I the correct website name.
This type of phishing can take place without the victim realizing what has taken place. Keep in mind there is no type of baiting involved in pharming phishing.
Dropbox is utilized by millions of people daily to backup, access, and share their files. Scammers are targeting this platform with phishing emails to unaware users.
A typical example is for the fraudster to entice users into entering their login credentials on a fake, cloned Dropbox sign-in page hosted on Dropbox itself, thereby gaining access to all files in that particular user’s Dropbox account.
Google Docs Phishing
In this type of phishing, fraudsters target Google drive in a similar way they prey upon Dropbox users. Google Drive supports documents, spreadsheets, presentations, even entire websites. Phishers can abuse this service to create a web page that mimics the Google account log-in and harvests user credentials.
These phishing fraudsters are very good at what they do, and spotting the signs of phishing is not an easy task. Listed below are some simple pointers that can assist you in recognizing a phishing scam.
How to Protect Yourself from Being a Victim of Phishing
Pay Attention to Poor Spelling and Grammar
Official messages from an organization are unlikely to have bad spelling or grammar. Poorly written notes should be an immediate red flag that the message is not authentic.
Look for Shortened or Unique URLs in the Phishing Email
Phishing emails are commonly used to coerce the victim into clicking through a link to a malicious or fake website designed for obtaining personal data. Take a second look and examine links more carefully before you click away.
Pay Attention to the URL
It may be slightly altered and something that you wouldn’t notice. Shortened or odd-looking URLs have most likely been changed by the fraudster in the hopes that you won’t see. Be suspicious of a strange or mismatched sender address.
The message may look legitimate with correct grammar and the right company logo, but what about the sender address? Phishers can’t fake a real address and rely on the fact that most users don’t even notice that the sender address is not valid.
The Message Looks Too Good to Be True
You just got free tickets, money, etc. If all you’re required to “click here” and you will receive gifts, you are most likely on your way to being the victim of a phishing attack. Remember, if it’s too good to be true, it’s too good to be true!
Training, Training, Training
This is the best way for companies to avoid being victims of phishing. Teaching staff what to look for can go a long way to prevent costly phishing schemes – disabling macros from being run on computers in the network and also play a big part in protecting employees from attacks.
Macros are designed to help users perform repetitive tasks with keyboard shortcuts, but they can work against you as well. Most newer versions of Office automatically disable macros.
Using the information above about the different types of phishing scams and how to protect yourself and your organization can assist in making you more alert and aware to prevent becoming a victim of these malicious fraudsters.
Utilize Social Catfish if you’re suspicious that you may be dealing with a phishing scam. Social Catfish is the expert in this field and will be very helpful in getting you the information you need to identify a phishing fraudster!