Cyber crime has become a powerful strategy for criminals to extort money from unsuspecting internet users. Norton reported that cyber criminals stole a total of £130bn from consumers in 2017. The main method criminals used to extort money and personal details was phishing.
In this post we are going to show you the main forms of phishing that criminals use. The information below was supplied by MetaCompliance the authors of the Ultimate Guide To Phishing
First, what is phishing?
Phishing is a type of online scam where fraudulent email messages that appear to come from a legitimate source are sent to list of people or specific contacts. The email is designed to trick the recipient into entering confidential information into a fake website by clicking on a link.
This email would usually include a link or attachment which once clicked, will steal sensitive information or infect a computer with malware. The cyber criminals will use this information to commit identity fraud or sell it on to another criminal third party, likely through the dark web.
That was the general gist of phishing. Below is a more in depth look at phishing.
Spear - Phishing is a more targeted attempt to steal sensitive information and typically focuses on a specific individual or organisation. These types of attack use personal information that is specific to the individual in order to appear legitimate.
Vishing refers to phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.
What distinguishes this category of phishing from others is the high-level choice of target. A whaling attack is an attempt to steal sensitive information and is often targeted at senior management.
Smishing is a type of phishing which uses SMS messages as opposed to emails to target individuals. It is another effective way of cybercriminals tricking individuals into divulging personal information such as account details, credit card details or usernames and passwords.
Clone Phishing is where a legitimate and previously delivered email is used to create an identical email with malicious content.