Four types of phishing attacks and how to prevent them
Phishing attacks are often initiated through email. The phishing mail includes generic greetings as well as the target's name, phone number and other details to make it look genuine. According to a recent survey of 200 security professionals conducted by Tripwire, 58% of participants said that their organization has seen an increase in phishing attacks. Despite this alarming scenario, most companies are not prepared to protect themselves against phishing scams.
Besides, the Verizon report says that phishing attacks are becoming more sophisticated, thereby posing a significant threat to all organizations. Hence, it is extremely important for organizations to identify some of the most common types of phishing attacks and to guard their corporate information. The four common types of phishing attacks are given below:
1) Deceptive Phishing
Deceptive phishing is the most common type of phishing attack, in which hackers impersonate a legitimate company and trick users into entering their login credentials. Normally, this type of phishing mail is designed to scare users by creating a sense of urgency. For instance, in January 2017, scammers sent a fraudulent mail claiming to be from Netflix and to have trouble authorizing the recipient's credit card; to resolve the discrepancy, users were tricked into clicking on a link and entering their credit card information.
The success rate of a phishing attack largely depends on how closely the phishing mail resembles a legitimate company's official mail. Hence, it is necessary to inspect all URLs carefully, particularly when the homepage redirects users to an unknown website. Also, checking for grammar mistakes, spelling mistakes, and generic salutations helps users to identify phishing mails.
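The URL inspection described above can be partly automated. The following Python code is an added example, not part of the original article: it flags links whose visible text names one domain while the href points to another, and it goes slightly further by flagging sender and link domains that closely resemble a trusted one. The allow-list, the 0.85 similarity threshold, the function names, the `.example` domains and the sample message are all assumptions constructed for illustration, and a single-part HTML body is assumed.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"netflix.example"}  # assumed allow-list; every name here is constructed
SAMPLE = """From: Netflix Billing <billing@netfl1x.example>

<p>Update your card: <a href="http://pay.netfl1x.example/login">www.netflix.example</a></p>"""

class Links(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def domain(value):  # last two host labels; a simplification (no public-suffix list)
    try:
        host = (urlparse(value if "//" in value else "//" + value).hostname or "").strip(".")
    except ValueError:  # malformed host, e.g. an unbalanced "["
        return ""
    return ".".join(host.split(".")[-2:]) if "." in host and " " not in host else ""

def lookalike(d):  # close to a trusted domain but not equal to it
    return any(d != t and SequenceMatcher(None, d, t).ratio() >= 0.85 for t in TRUSTED)

def inspect(raw):
    msg, found = message_from_string(raw), []
    sender = domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if lookalike(sender):
        found.append(f"sender domain {sender} resembles a trusted domain")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        shown, target = domain(text.strip()), domain(href)
        if shown and shown != target:
            found.append(f"link text shows {shown} but points to {target}")
        if lookalike(target):
            found.append(f"link target {target} resembles a trusted domain")
    return found
```

Calling `inspect(SAMPLE)` returns three findings for the constructed message; a message whose sender and links all use the trusted domain returns an empty list.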
2) Spear Phishing
Spear phishing is a step ahead of deceptive phishing. Spear phishing scammers personalize the e-mail with the target's name, designation and phone number, making the recipient believe that they are receiving the mail from a known sender. The objective of this scam is the same as deceptive phishing: to trick the user into revealing confidential information.
According to the Cloudmark survey, organizations hit by a successful spear phishing attack suffered an average financial cost of $1.6 million in 2016. To protect against this scam, organizations ought to conduct employee security awareness programs and educate employees not to publish sensitive corporate information on social media.
3) CEO Fraud E-Mails
Hackers can target anyone in the organization, even the top executives. In a whaling attack, the hackers target CEOs and send an email containing personal information relating to the recipient, a familiar (but not identical) company logo, and an email domain that tricks the receiver into believing that the message originated from a legitimate source.
AlienVault reports that one in three companies has been a victim of whaling attacks, also known as CEO fraud mails. Besides, over 80 percent of employees believe that their executives can fall for targeted phishing attacks.
Normally, the whaling email comes with a subject line presenting it as a critical business matter. If the recipient clicks on the mail or the attachment, they are led to a fake website where they are tricked into entering login details, or alternatively their computer is infected with malware, which allows hackers to gather confidential data. The only way to avoid being a victim of such attacks is to follow good cyber hygiene.
4) Pharming
Pharming, also known as DNS-based phishing, is different from other types of phishing. Unlike the others, pharming is a method of attack rooted in DNS cache poisoning. In this type of attack, phishers target a DNS server and change the IP address associated with a website's alphabetical name, meaning a hacker can redirect users to a fake website even if the victim enters the correct website name.
Identifying a phishing mail is not a complicated task. Cyber situational awareness keeps you updated with the latest phishing scams and malware attacks.
Just as you have a habit of reading the newspaper every day, reading articles related to cyber threats helps you identify these types of phishing attacks and other types of cyber crime. Due to the constant change of the threat landscape, cyber security awareness plays a significant role in securing confidential data. Following good cyber hygiene never fails to prevent breaches. A little care can save us from losing confidential data and inviting its after-effects.