9 types of phishing attacks

From smishing to whaling:
9 types of phishing attacks you should know about

Phishing is now a household term for many people. But did you know that there are many different types of this fraudulent cyber attack? We'll show you the main types of phishing you should know.

Whether for private individuals or companies: Phishing attacks pose a high risk to data. According to the BSI, phishing is still the biggest digital threat for many people. The Cybersecurity & Infrastructure Security Agency in the USA even estimates that 90 percent of all successful cyberattacks begin with a phishing attack.

Phishing involves people being contacted online by cyber criminals. They pretend to be an important contact or a company that the person is dealing with. This can range from close friends and superiors to banks and online retailers. The aim of the phishing messages is to simulate a situation that is as urgent as possible and to force people to act quickly. They are then asked to enter and send sensitive data in a hurry.

This data ends up with the cybercriminals. In this way, they gain access to accounts, mailboxes or even internal company structures. Cyber criminals have now come up with a number of ways and means to deceive us. We reveal the most important types of phishing so that you can better protect yourself against them.

1. Email phishing

The classic phishing attack targets a wide range of internet users. Cyber criminals send messages in the name of various organizations to email addresses that they have often bought on the darknet. The addresses often end up there through leaks or hacking attacks. The messages claim, for example, that your bank account or account with a company has been blocked. To unblock it, all you have to do is enter sensitive data in a form. Cyber attackers often disguise their email address to make recipients believe that it is a genuine message from the company. It is often enough not to reply to the email and instead to log in to the associated account directly. If there are no visible problems there, you can still contact support.

2. Spear phishing

Spear phishing basically works like classic phishing. The difference is that the cybercriminals only target a particularly small group of people. This could be all employees of a company or only certain departments such as IT employees. The attackers often target sensitive data from the company - or access to entire systems.

3. Whaling

Whaling is a somewhat more precise variant of spear phishing. Instead of contacting a specific group within an organization, the cybercriminals target the most important people. These include CEOs or other employees with access to all the company's data. If a whaling attack is successful, it is often followed by further attacks. By gaining access to a CEO's mailbox, the attackers can torpedo the entire company with genuine-looking phishing emails.

4. Vishing

Vishing is also a subtype of phishing attacks, but differs primarily in the platform of the attack. Unlike email attacks, potential targets are called by the cybercriminals. The name vishing is a combination of phishing and voice. The attackers can also pretend that they are from a company such as Microsoft and that there is supposedly a problem with the target's PC. Calls from supposed bank employees are also common, as these vishing attacks allow quick access to account data.

5. Smishing

Smishing also differs in the platform on which the phishing attacks take place. Smishing is a shorter version of the term SMS phishing. Accordingly, the fraudulent messages are sent via SMS or messenger services such as WhatsApp. With messengers in particular, the fraudsters often try to take over your account by asking you for a code while pretending to be one of your contacts.

6. Clone phishing

With clone phishing, the attackers usually already have access to a specific email account of a private individual or company. To avoid having to come up with messages that look particularly genuine, they simply intercept real emails and copy them. While the original is deleted, they only change a link in the copy. For example, you might receive an email from your colleagues about the latest quarterly report. The attachment contains a link to a Google Doc. However, the malicious link does not lead to the document, but to a page that captures your login data or downloads malware.
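Because a clone differs from the real message only in its link, a mail filter or an analyst can compare a suspect message with a known-good copy and report exactly which link host changed. The following Python sketch is an added example, not part of the original article; the message bodies, the host names and the function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import zip_longest
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Constructed sample messages (not real mail): the clone keeps the text
# and swaps only the host of the document link.
ORIGINAL = (
    "Hi team,\n"
    "the Q3 report is ready: https://docs.google.com/document/d/CONSTRUCTED-ID/edit\n"
    "Agenda: https://intranet.example.com/agenda\n"
    "Best, Alex\n"
)
CLONE = ORIGINAL.replace("https://docs.google.com/",
                         "https://docs-google.login.example/")

def mask_links(body):
    """Return the text with every URL replaced by a placeholder, plus the URLs."""
    return URL_RE.sub("<URL>", body), URL_RE.findall(body)

def host(url):
    return urlsplit(url).hostname if url else None

def clone_indicators(known_good, suspect, min_similarity=0.9):
    """List (original_url, suspect_url) pairs whose host differs.

    Links are only compared when the text around them is a near-copy of
    the known-good message; otherwise the two mails are unrelated.
    """
    good_text, good_urls = mask_links(known_good)
    bad_text, bad_urls = mask_links(suspect)
    if SequenceMatcher(None, good_text, bad_text).ratio() < min_similarity:
        return []
    # zip_longest also reports links that were added or removed.
    return [(old, new) for old, new in zip_longest(good_urls, bad_urls)
            if host(old) != host(new)]

if __name__ == "__main__":
    for old, new in clone_indicators(ORIGINAL, CLONE):
        print(f"link host changed: {host(old)} -> {host(new)}")
```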

7. Angler phishing

Angler phishing makes use of social media platforms. Cyber criminals create fake accounts that are modeled on those of well-known companies or celebrities. They then make direct contact with private individuals, reply to their comments or like their posts. This is how they create trust. This can be particularly damaging if the attackers pretend to be customer support. They then send links to supposed support websites with possible solutions. In reality, they either intercept sensitive data or infect the target's devices with malware.

8. Pharming

In pharming, the attackers manipulate access to websites. To achieve this, malware is often loaded onto the target's device by other means. When websites are accessed, the malware then manipulates the redirection and leads users to fake pages. All the data that users then enter on the page ends up with the cybercriminals.

9. Evil twin phishing

In evil twin phishing, the evil twin is a copy of a Wi-Fi access point. If you are in a café with public Wi-Fi, for example, attackers can create a hotspot on their own device and give it a similar name. Unlike the real access points, these hotspots are often unprotected, so users can log in without any obstacles. Because you are then connected directly to the hackers' devices, a lot of data can be stolen from your devices.
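The two traits described above, a similar network name and missing protection, can be checked against a list of visible networks before connecting. This Python sketch is an added example, not part of the original article; the scan entries, the trusted-network record, the MAC addresses and the function names are all constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed record of the cafe's real network (assumed to be known).
TRUSTED = {"ssid": "CafeLuna-Guest",
           "bssids": {"aa:bb:cc:00:00:01"},
           "security": "WPA2"}

# Constructed scan result, shaped like the output of a Wi-Fi survey tool.
SCAN = [
    {"ssid": "CafeLuna-Guest", "bssid": "AA:BB:CC:00:00:01", "security": "WPA2"},
    {"ssid": "CafeLuna_Guest", "bssid": "02:00:00:00:00:99", "security": "open"},
    {"ssid": "CafeLuna-Guest", "bssid": "02:00:00:00:00:77", "security": "open"},
    {"ssid": "HomeNet-5G",     "bssid": "02:00:00:00:00:10", "security": "WPA2"},
]

def normalise(ssid):
    """Lower-case and drop punctuation so 'Cafe_Luna' matches 'cafe-luna'."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def find_evil_twin_candidates(scan, trusted, threshold=0.8):
    """Return (ssid, bssid, reasons) for access points imitating `trusted`."""
    findings = []
    wanted = normalise(trusted["ssid"])
    for ap in scan:
        if ap["bssid"].lower() in trusted["bssids"]:
            continue  # this is the real access point
        ratio = SequenceMatcher(None, wanted, normalise(ap["ssid"])).ratio()
        if ratio < threshold:
            continue  # unrelated network name
        reasons = ["unknown BSSID"]
        if ap["ssid"] != trusted["ssid"]:
            reasons.append("look-alike name")
        if ap["security"] == "open" and trusted["security"] != "open":
            reasons.append("no encryption")
        findings.append((ap["ssid"], ap["bssid"], reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in find_evil_twin_candidates(SCAN, TRUSTED):
        print(f"{ssid} ({bssid}): {', '.join(reasons)}")
```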

Found on t3n.de/news/smishing-bis-whaling-neun-arten-von-phishing-angriffen-1679869/