Most internet users have heard of the term “phishing”. And whether or not they know what it means, they have probably seen it before.
CloudM (CloudPages is now CloudM after a rebrand) recently developed a guide in which they bring up the six most common types of phishing attacks. To help inform our users, we wanted to share these types as well. Let’s dive in:
Deceptive phishing is by far the most common type out there. In fact, a good number of you have probably been targeted by something like this. We hope you ignored it!
This type of phishing entails scammers sending you an email from what appears to be a legitimate company or service that you already use. In this email, the scammers act as a representative of this company and request that you provide some personal information in a timely manner, with the end goal of gaining access to your bank account.
Some deceptive phishing tactics will even include an illegitimate link disguised as one of the company’s web pages asking for login information. It’s always imperative to double-check the URL of sites like this to make sure you are on the correct domain.
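The URL double-check described above, written out as an added example (it is not from the CloudM guide or from this post). The helper `checkLink`, the list `TRUSTED_DOMAINS` and every `.example` / `.test` host are constructed for illustration; the point is that the trusted name has to be the end of the link's real host, not just appear somewhere in the link.

```javascript
// Domains the reader really has accounts with (constructed sample value).
const TRUSTED_DOMAINS = ["bank.example"];

// Hypothetical helper: does the link's real host belong to a trusted domain?
function checkLink(link, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(link); // the same WHATWG URL parser browsers use
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // The parser lowercases the host and converts Unicode letters to punycode (xn--...).
  const host = url.hostname.replace(/\.$/, "");
  // Exact match or a subdomain: the trusted name must be the END of the host,
  // preceded by a dot, so "notbank.example" does not pass.
  const owner = trusted.find((d) => host === d || host.endsWith("." + d));
  if (owner) return { ok: true, host, reason: `host belongs to ${owner}` };

  if (url.username || url.password) {
    return { ok: false, host, reason: "text before '@' is a username, not the site" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, host, reason: "punycode host, possible lookalike characters" };
  }
  if (trusted.some((d) => host.includes(d))) {
    return { ok: false, host, reason: "trusted name embedded in a different domain" };
  }
  return { ok: false, host, reason: "host is not a trusted domain" };
}

// Constructed sample links, not taken from any real campaign.
const samples = [
  "https://login.bank.example/signin",             // genuine subdomain
  "https://bank.example.verify-login.test/signin", // trusted name used as a subdomain label
  "https://bank.example@verify-login.test/signin", // trusted name placed before '@'
  "https://b\u0430nk.example/signin",              // Cyrillic 'a' in place of Latin 'a'
  "https://notbank.example/signin",                // trusted name as a suffix of another name
];
for (const link of samples) {
  const r = checkLink(link);
  console.log(`${r.ok ? "OK     " : "SUSPECT"} ${r.host} (${r.reason})`);
}
```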
Like deceptive phishing, spear phishing uses the same tactics to retrieve the same information, except that things get a little more personal here.
Spear phishers aggregate as much information about you as they can and use it in the email. They may address you by your name, mention the company you work for, or even list your phone number. This is all information that they can obtain from various social media sites. One thing to be especially aware of is ultimatums where the sender requests personal information before something bad happens. An example could be a “company” asking for your login information via email before your account is deleted.
CEO fraud is a longer process in which the scammers must successfully hack an account of a top executive in a company. With that account, they may send emails out to lower-ranking employees and request that money be transferred to a particular bank account.
When an employee gets a request from their boss, that request is usually going to be carried out no-questions-asked. But companies should make all employees aware of these scams and teach them to be wary of financial requests like this via email.
Possibly one of the scariest types of phishing attacks, pharming requires very little error from the actual end-user. Instead, the scammers are hijacking a website and redirecting the user to the scammer’s site even though the user typed in the correct URL.
Attacks like these make it vital that users are always aware of the URL they are on. If possible, keep an eye out for the HTTPS sign and refrain from entering personal information on sites that do not have HTTPS.
Another type of phishing specifically targets super-popular services such as Dropbox and Google Docs, both of which have millions of customers uploading, downloading, and sharing files on a daily basis.
Similar to spear phishing, these types of phishing attacks will send out emails disguised as Dropbox or Google Docs, asking you to enter your login information to receive a document that has just been sent. It’s recommended to add extra security layers like two-step verification to avoid scams like these.
You may not be able to prevent yourself from becoming a target in these types of phishing attacks, but you can certainly prevent yourself from becoming a victim. Be sure to stay vigilant with all emails you receive and websites you visit. If an email seems suspicious and they are asking for information, play it safe and don’t respond or click on anything. Instead, go to the company they are claiming to be and have them confirm the email you received.
Using privacy services such as a VPN (MPN is a good one to try!) can also help you keep your internet traffic safe by connecting to a private network.