
The Most Common Phishing Attacks and How to Spot Them

January 17, 2025

Phishing is an ever-present threat in cyberspace. It's a malicious practice that dupes people into revealing confidential information such as passwords and credit card details. Unfortunately, a phishing email can deceive even the most cautious user, and can cause a lot of damage if successful.

Cybercriminals use three main phishing methods to fraudulently access information: malicious attachments, malicious web links, and fraudulent data-entry forms – all typically sent via email.

Let’s take a closer look at the different types of phishing.

Phishing email

The most common type of phishing is carried out via fraudulent emails that appear to come from a legitimate source. They often carry a sense of urgency, and typically prompt the recipient to click on a malicious link or attachment, thereby compromising data security.

Phishing emails will almost always request the following information:

·       Credit card details

·       Login details

·       Password

·       Social security number

·       Date of birth

·       Phone number

·       Home address

Once they have this information, cybercriminals use it to steal your identity, commit credit card fraud, or even install malware on your device.

How to spot a phishing email:

·       It requests sensitive information

·       It uses a different domain from the authentic source

·       It contains unsolicited attachments

·       It contains threats or creates a false sense of urgency

Spear phishing

This is a highly personalized cyber-attack aimed at specific individuals or organizations. It is designed to steal sensitive information, such as login credentials, or to infect your device with malware. Some of the common spear phishing attacks include:

·       CEO fraud – the attacker uses the guise of a senior executive, like a CEO, to dupe the target into performing an action like initiating a wire transfer or divulging classified information.

·       Brand phishing – cybercriminals impersonate trusted brands and service providers, but swap genuine links with fake ones.

·       Fake invoices – The attacker uses forged company invoices to dupe accounts payable personnel into wiring money to them.

How to Spot Spear Phishing:

·       A request for sensitive information that isn’t usually shared over email.

·       The email creates a sense of urgency or even panic

·       Contains requests to click on a link or attachment

·       Inconsistencies in the sender’s email address and company domain.

Whaling attack

This is a type of spear phishing attack aimed at high-level executives or officials. The attacker uses researched information to impersonate a trusted colleague of the victim so as to trick them into revealing sensitive information or wiring money into a fake account.

To spot a potential whaling communication, look out for the following things:

·       Email address that doesn’t match your company’s domain e.g. a public email address

·       Questionable or misspelled URLs

·       The email’s tone is urgent or threatening

·       Requests for personal information that normally isn’t shared over email

·       Spelling and grammar errors

Business Email Compromise

BEC attacks are tailor-made emails designed to convince an employee to carry out harmful actions like sending money to an imposter account, or divulging sensitive information. They rely on knowledge of the victim's personal details to convince them of the authenticity of their request. BEC emails sometimes contain malware disguised as harmless attachments, which is activated when the attachment is opened.

How to Spot BEC:

·       Emails sent outside business hours

·       Misspelled names

·       Emails from executives with slightly altered email addresses.

·       Changes to payment or billing information
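The sender-domain, timing, urgency and payment-change indicators from the lists above can be checked mechanically as a first-pass triage. The following is an added example, not part of the original post; the company domain `corp.example`, the executive name, the keyword lists, the 08:00 to 18:00 business hours and the sample message are all constructed assumptions.

```python
from datetime import time
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

COMPANY_DOMAIN = "corp.example"   # assumption: the organisation's real domain
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
EXECUTIVES = {"jane doe"}         # assumption: display names of senior staff
URGENT_WORDS = ("urgent", "immediately", "today", "asap")
PAYMENT_WORDS = ("bank details", "wire", "invoice", "payment")

def edit_distance(a, b):
    """Levenshtein distance, used to catch slightly altered domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_indicators(raw):
    """Return the indicators found in a single-part plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    found = []
    # Sender domain differs from the company domain by one or two characters.
    if 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
        found.append("lookalike-domain")
    # An executive's display name on a public webmail address.
    if name.lower() in EXECUTIVES and domain in PUBLIC_DOMAINS:
        found.append("executive-name-on-public-address")
    # Date header is sender-supplied; compared in the sender's stated time zone.
    if msg["Date"]:
        sent = parsedate_to_datetime(msg["Date"]).time()
        if not time(8, 0) <= sent <= time(18, 0):
            found.append("outside-business-hours")
    if any(w in text for w in URGENT_WORDS):
        found.append("urgency")
    if any(w in text for w in PAYMENT_WORDS):
        found.append("payment-or-billing-change")
    return found

# Constructed sample message (not a real email).
SAMPLE = """\
From: Jane Doe <jane.doe@c0rp.example>
Date: Sat, 18 Jan 2025 23:14:00 +0000
Subject: Urgent: updated bank details

Please wire the invoice payment today to the new account.
"""
```

A message that trips several indicators still needs the out-of-band confirmation described below; a clean result does not prove the message is genuine.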

To avoid falling victim to phishing attacks, it's important to always do your due diligence before taking any action requested by the email sender. This includes using an alternative communication method to confirm the email sender's legitimacy.

Take your cybersecurity knowledge to the next level—explore Phoenix TS’s expert-led cybersecurity training courses today and stay one step ahead of online threats! https://phoenixts.com/courses/?topics%5B%5D=cyber-security&kw=
