Types of Phishing Attacks
Phishing is a method of stealing money or confidential information by sending fraudulent content to a victim, most commonly through email or messaging platforms.
What is phishing?
Phishing is a type of social engineering attack often used to steal user data (e.g. login credentials and credit card numbers) or compromise computer networks. It occurs when an attacker masquerades as a trusted entity and entices their recipients into opening an email, instant message, or text message.
Phishing attacks remain among the most common methods used by malicious cyber actors to target organisations. While phishing messages are commonly sent out in their thousands, spear-phishing campaigns are typically aimed at a particular group of recipients.
Learn to spot the phish
Curious how you can spot the phish in the future? Take a look at our guided tour, which highlights how attackers use a combination of urgency, fraudulent sender addresses, engaging content and malicious websites or attachments to compromise their victims.
Types of Phishing
A number of different techniques are used to obtain confidential information or money from victims. As technologies advance, so does the sophistication of the tools, tactics and techniques used by cybercriminals.
Spear phishing attacks are highly targeted and often include well-researched information and content crafted specifically for a target. Because of this, spear phishing attacks have a high success rate and often result in credential or endpoint compromise.
Email spam comes in various forms but is typically associated with unsolicited emails sent in bulk. Most spam emails are commercial in nature, but they may contain links to phishing websites that steal your credentials or host malware, or they may include malware as file attachments.
Phishing websites are a type of web-based attack where the attacker builds a website that is a replica of a legitimate website. Typically, these websites are designed to trick a victim into entering sensitive information such as usernames, passwords or credit card information with the goal of defrauding the victim.
Malicious Advertising (Malvertising)
Malicious advertising is a type of web-based attack where the attacker uses online advertising services to spread phishing material or malware with the end goal of stealing sensitive information or compromising endpoints. Generally, this occurs through the injection of malicious code or links into ads.
Voice Phishing (Vishing)
Voice phishing is a type of verbal attack that uses telephones (often Voice over IP telephones, i.e. VoIP) to conduct phishing attacks. Usually, these attacks are conducted using automated text-to-speech systems but may involve human operators. Typically, these attacks are associated with mail-order scams where victims are tricked into sending large amounts of money overseas via physical mail.
SMS Phishing (Smishing)
SMS phishing is a type of text-based phishing attack that uses SMS messages. Typically victims are tricked into revealing account information or installing malware. Usually, SMS phishing messages spoof phone numbers and contain a link to a phishing website or instruct the victim to respond with sensitive information.