Phishing is one of the most common and most dangerous types of cybercrime. Regardless of how much we’ve been warned about it and how prepared we think we are, people still fall victim to scam and phishing emails.
Action Fraud receives more than 400,000 reports of phishing emails each year, and according to Mimecast’s State of Email Security 2020, 58% of organizations saw phishing attacks increase in the past 12 months.
Phishing is one of the easiest forms of cyberattack for offenders to carry out, and one of the easiest to fall for. It's also one that can furnish everything a hacker needs to ransack their targets' personal and work accounts.
Usually delivered through fake emails, a phishing attack attempts to trick the target into doing what the hacker wants. That may include handing over passwords to make it easier to hack a company, or even altering bank credentials so that payments go to criminals instead of the correct account.
The Various Types of Phishing Attacks
Since being first described in 1987, phishing has evolved into a number of branches. As digital technologies continue to progress, this attack keeps finding new ways to exploit vulnerabilities in systems. Here are 11 of the most widespread types of phishing attack:
Standard Email Phishing
This is the most widely known form of phishing. This attack is an attempt to fish out sensitive information through an email that appears to be from a legitimate company. It is not a targeted attack and can be conducted en masse.
Malware Phishing
Using the same techniques as email phishing, this attack tries to get targets to click on a link or download an attachment so that malware can be installed on the device being used. It is currently the most pervasive form of phishing attack.
Spear Phishing
Where most phishing attacks cast a wide net, spear phishing is a highly targeted, well-researched attack generally aimed at business executives, financial institutions, public personas and other lucrative targets.
Smishing
SMS-enabled phishing delivers malicious short links to smartphone users, often disguised as account notices, official email, prize notifications and political email messages.
Search Engine Phishing
In this type of attack, cyber criminals set up fraudulent websites designed to collect personal information and direct payments on secure websites. These sites can show up in organic search results or as paid advertisements for popular search terms.
Vishing
Vishing, or voice phishing, involves a malicious caller purporting to be from tech support, a government agency or other organization and trying to extract personal information, such as banking or credit card information, leading to credit card fraud.
Pharming
Also known as DNS poisoning, pharming is a technically sophisticated form of phishing involving the internet’s domain name system (DNS). Pharming reroutes legitimate web traffic to a spoofed page without the user’s knowledge, often to steal valuable information in fraudulent attempts.
Clone Phishing
In this type of attack, a shady actor compromises a person’s email account, alters an existing, genuine email by swapping a legitimate link, attachment or other element with a malicious one, and sends it to the person’s contacts to spread the infection.
Man-in-the-Middle Attack
A man-in-the-middle attack involves an eavesdropper monitoring correspondence between two unsuspecting parties. These attacks are often carried out by creating phony public WiFi networks at coffee shops, shopping malls and other public locations. Once joined, the man in the middle can phish for info or push installation of malware onto devices.
Business Email Compromise
Business email compromise involves a phony email appearing to be from someone in or associated with the target’s company requesting urgent action, whether wiring money or purchasing gift cards. This approach is estimated to have caused nearly half of all cybercrime-related business losses in the year 2019.
Malvertising
This type of phishing uses digital ad software to publish otherwise normal-looking ads with malicious code implanted within.
You can find out more on how to Prevent Ransomware Attack Using Microsoft Security Solutions on this blog.
How Can You Spot the Scam?
Make no mistake, these attacks can be pretty cunning. Evidently, these types of phishing exist because they work. Scammers launch thousands of phishing attacks every day and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year. Here are a few pointers for you to identify an email that is actually a scam:
Seeing any one of these flaws is enough to tell you the email is a phishing attempt – but what if these errors aren’t there at all?
A smarter fraudster could have corrected these mistakes, including knowing the recipient’s name and email address, and masking their URL in a much more convincing way. If they'd done a better job, there would have been nothing alarming in the message. But it would still be a fake.
Steps to Protect Yourself from Phishing
Microsoft 365 provides a range of security features to protect customers and their data from these sorts of attacks, but here we will talk about the baseline, which anyone can follow.
Let’s get right into the precautions.
1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
How to Report Phishing
If you got a phishing email or text message, report it. The information you give can help fight the hackers.
Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).
Step 2. Report the phishing attack to the FTC at ftc.gov/complaint.
How Communication Square Can Help You Fight Phishing Attacks
There are a number of technological approaches to countering phishing attacks. Certain software products send test phishing emails to corporate employees and then provide solutions to the security leadership. Communication Square can help you combat phishing emails by setting up Microsoft’s unbeatable Intune Security Solution. All you need to do to get in touch with us is book a cloud strategy call today!