Cybercriminals are getting smarter. In recent years, they’ve devised more sophisticated types of phishing scams to tap into your personal information or steal your identity. Scammers no longer rely on basic phishing emails with obvious tricks. They masquerade as banks, credit card providers, friends, and colleagues. Their goal is to trick us into taking urgent action without thinking over the consequences. To avoid being scammed, it’s critical to understand the different types of phishing attacks and how they work. Many have clever, witty names, but these scams are no joke. Let’s explore common types of phishing attacks so you’re prepared if a hacker tries to reel you in.
Beware of the phishing scam that targets us all.
Email phishing is the most prevalent—and longest-running—phishing technique. In an email phishing scam, cybercriminals will send out email messages—often with suspicious links or attachments—to solicit personal info and cause financial harm. Two common ways to spot email phishing are typos and fake URLs. This type of phishing is usually random and sent to thousands of potential targets with the expectation that they’ll hook at least a few.
According to KnowBe4, a cybersecurity company that helps companies combat phishing, some of the most effective subject lines scammers used in 2022 were:
- IT: Zoom Client Update
- LinkedIn: LinkedIn Customer Service Survey
- Microsoft: Update your security settings
- Amazon: Suspicious charges
- Banking information does not match company information
Using familiar and trusted company names can catch us off guard. For example, a phisher may raise concern that your Amazon account has been hacked and then try to trick you into clicking a link to update your password without verifying that their Amazon-branded email is authentic.
Spear phishing and whaling attacks are more targeted.
Spear phishing is a type of phishing attack that targets particular individuals. Spear phishing differs from standard phishing attacks because the hacker already has specific information about you that they use to gain your trust. They may mention your bank or the name of your boss. They sometimes masquerade as your company’s HR or IT department, using urgent subject lines that push you to take immediate action. They’ve done their homework, so they know how company emails are formatted and use that knowledge to catch us off guard.
Whaling is similar to spear phishing but targets a company’s upper-level management instead. Executives typically have access to an organization’s most sensitive information, making them a lucrative target. Hackers often masquerade as vendors, sending bogus invoices and creating fake websites. They might also pretend to be a human resources representative requesting payroll data. In one infamous case, a hedge fund company was sent a phony Zoom invite that resulted in the company approving $8.7 million in counterfeit invoices. The company dished out $800,000 before the attack was detected.
Smishing and vishing expand a hacker’s repertoire.
Other types of phishing scams involve tactics to reel you in through text messages or phone calls.
Smishing occurs when you receive a phishing attempt through text. You may receive an alert from your “bank” or a company you recognize asking you to click a link to secure your account or update your information. Other smishing scams involve texts regarding IRS information, credit card alerts, and fictional prize winnings.
Vishing attacks are conducted through phone calls. The hacker has likely already tapped into your personal information, which they use to gain trust and credibility. This makes vishing a highly effective technique. An analysis of 2019 vishing attacks found that 75% of victims were tricked because the scammer knew about specific personal information. Caller ID may even indicate that the call is from your bank or another recognized number, which adds to the trust level.
New types of phishing attacks are on the rise.
The ugly truth is that scammers will always scam. Whenever we use technology, they’re sure to be lurking. And these cybercriminals are constantly looking for different types of phishing attacks to spring on us.
Angler phishing is one type of phishing attack currently on the rise. It targets customers by posing as customer support on social media. The hacker creates a fake account that responds to customer complaints. Suppose you tweet at Delta about a late flight or ping Amazon about a lost package. The scammer replies with a promise to assist you and directs you to a fake link where they can steal your information.
Phishers also closely monitor trends. For example, the promise of gaining more TikTok followers or getting access to gaming cheat codes may be too enticing to resist.
The bottom line: Don’t take the bait.
Experts warn that the rise of ChatGPT and other public AI resources could increase phishing attacks. Hackers can now use AI to craft convincing emails (without the obvious misspellings) that closely mimic companies and colleagues. That’s why it’s more critical than ever to remain vigilant before you click.
Understanding the different types of phishing attacks is the first step in protecting your data. The next step is putting a plan in place to prevent getting caught in the phishing net.