Introduction to Phishing


Phishing is one of the top tactics used to steal personal information (2). This scam occurs when someone posing as a legitimate business, person, etc. fraudulently solicits information from an unsuspecting user (1). Scammers often pose as bankers, technical support agents or employees at a doctor’s office.

This tactic is often successful because most people wouldn’t think twice about answering a call from a doctor’s office or a local bank.

Regardless, the end goal is simply to steal information. Who the scammers target and how the scam plays out vary between the different methods.

To find out what happens to the information once a hacker obtains it, see our article on cyber threats (

Now that a brief explanation of phishing has been addressed, let’s take a look at the various types of this scam.



Various forms of phishing exist, but they all boil down to similar methodologies. The most commonly used methods are: vishing, smishing, spear phishing and whaling. Now, let’s take a look at each type, individually.



The first type of phishing happens to be the most popular, due to the fact that it has been around and used the longest.

Phishing + Voice Call = Vishing

Vishing scams target individuals over the phone. The visher may call an individual and pose as a trusted source. Examples include: a doctor’s office, banker, or technical support. The visher will ask for your personal information and end up stealing it, all while the victim presumes the call is from an actual employee or business.

The following paragraph is an example of how a vishing scam may go.

“Hello Mrs. Potts, this is your bank calling. There is an issue with your savings account and we had to freeze it. To regain access we will need some of your personal information to verify your identity. Can you please tell me your social security number, date of birth and address?”

The victim may be too concerned about their account being frozen to realize the call is fraudulent. The end result here is that the hacker receives the information and the victim does not have any idea what was going on.



The next type of phishing scam is smishing.

Phishing + SMS = Smishing

A smishing attack comes through normal texts or messages on another platform. This includes but is not limited to Twitter direct messages (DMs), Instagram DMs or Facebook private messages (PMs).

In a message, the malicious user could send a reset link for an account. The user clicks the link and enters information into a fake prompt where it will be stolen.

The end result is similar in all phishing attacks. Personal information has been obtained from the victim when they hand it over, unaware of the true nature of the message / call.

Spear Phishing

Phishing attacks are usually quite broad. Millions of calls and messages are sent out in the hopes that someone takes the bait. With spear phishing, the attacks are specifically targeted towards certain individuals.

A spear phishing attack may aim at a specific department in a company. For instance, an accounting department would be a major target. That department holds an abundance of information regarding employees, customers, finance data and much more, which makes it a perfect target for spear phishing.



Whaling is another variant of this scam that is similar to spear phishing. Like spear phishing, this type of attack aims at a specific target. Within that target, it aims at higher-ups in a company like CEOs, CFOs, etc.

Gaining the credentials of a CEO would give a hacker access to an entire company, and then the options are endless for what could come next.


In short, phishing scams keep creating new scenarios and evolving. The key to staying ahead is to spread awareness and educate the public on how to identify such schemes and avoid them so you and your information remain safe.