Phishing is a popular form of cyber attack that businesses across a wealth of industries have found themselves vulnerable to in recent years.
As the term implies, the attack begins as an attempt to lure a victim into compromising their own cyber security by responding to what purports to be a legitimate opportunity, offer or warning. But phishing comes in many forms, and it’s important for business owners and network managers to understand the ways in which victims have traditionally been duped by these schemes.
What follows is a rundown of the most popular methods of attack employed with phishing schemes:
Deceptions: Deception phishing is considered the most prevalent of all phishing schemes at work today. In the case of deception phishing, a hacker attempts to secure confidential information from the victim. The information is then utilized to impersonate the victim and steal funds or purchase products or services at the victim’s expense. Typically, an email is sent purporting to originate from the victim’s bank requesting that they verify their account details. Embedded in the email is a link meant to allow the victim to enter account details and access their online account. What it actually does is retrieve the victim’s banking details for later use.
Spear Phishing: Spear phishing is a cyber attack against a specific individual. Unlike deception phishing, which typically targets a larger group of victims, spear phishing typically results from targeted research on a single individual. Before the attack, victims are researched via social media channels and other websites. Communications are then customized to accommodate the need to build trust. This method of phishing is often used to initiate a breakdown in a network’s defenses in advance of a larger cyber attack.
Whale Phishing: Whale phishing is a targeted attack that seeks to exploit high-profile or wealthy individuals or entities. The hackers invest time and energy into profiling their target and, when the moment is right, mount an attack to steal login credentials that will be used to access everything from personal funds to company information and secrets.
Pharming: Pharming is a kind of phishing that sends targets to a fraudulent website that appears to be legitimate but is actually controlled by cyber criminals in an effort to retrieve the victim’s login credentials. In pharming, however, targets don’t have to click a malicious link to be taken to a phony website. Victims’ computers can be infected, or the website’s DNS server could be made to redirect the victim to a phony website, where collection of account credentials can be accomplished.
If you have questions about maintaining network security or computer support for your business, contact the industry leaders at dotQ4 in Mokena, just outside of Chicago. You can reach us at 708 261 1844.