What is a Phishing Attack and Different Types of Phishing Attacks
Today’s world has become a vast digital sea where everyone’s personal and sensitive information floats around like fish, and just like every sea, there are fishermen looking to catch this sensitive information in order to con and gain from unsuspecting people. This is done by technologically advanced people, infamously known as cyber criminals. The practice is often referred to as ‘Phishing’.
In order to protect yourself, it is imperative to understand the meaning of a phishing attack.
What is a Phishing Attack?
The most widely accepted definition of phishing is a fraudulent practice through which cyber criminals steal sensitive and confidential information. To commit a phishing attack, the attacker poses as a government or bank employee and tricks the victim into giving the required details. These include usernames, passwords, credit card numbers, bank account details and other important data. The criminals then use this information to rob the victim financially, or to sell it for a price.
How is Phishing Carried Out?
Now that we have discussed ‘What is a Phishing Attack’, let’s look at how phishing is carried out. To execute it, the cyber criminal cleverly crafts an email or instant message that exploits the victim’s trust to gain sensitive and confidential information.
For a better understanding, let’s look at the step by step process of a phishing attack.
• The attacker sends a cleverly disguised email to the potential victim.
• If the victim takes the bait, he or she will click on the email which will take him or her to the phishing website.
• Once the victim is on the phishing website, the cyber criminal launches the next phase of the phishing attack. In this phase, the attacker collects the victim’s information.
• The attacker then visits a legitimate website and uses the collected credentials to exploit the victim, and to launch further attacks on the victim’s connections.
Three types of scams are used to launch phishing attacks. These are:
• Website Forgery Scam: This is one of the types of phishing attacks where the cyber criminal targets the victim by creating a fake website which is identical to the legitimate website that the victim uses. So, when the person visits the website, for example, a bank, and enters the information, believing the site to be legitimate, the attacker collects the information to rob the victim or to sell it to someone else.
This phishing attack is delivered through a phishing email, a hyperlink inside a forum, or a search engine. It is extremely difficult to detect fraudulent websites, but not impossible. You just need to pay attention to the URL. If it looks different, if the page is marked as insecure, or if HTTPS is not on, then it is highly likely that the site is meant for a phishing attack.
• Advanced-fee Scam: In this type of phishing attack, the attacker asks for an advance fee in order to receive any money, proceeds, stocks, or warrants, with the promise of repaying the deposited sum later. The criminal also targets investors who have either lost money in investment schemes or purchased underwhelming securities.
This phishing attack was popularised by the ‘Nigerian Prince Email’, where the attacker poses as a troubled Nigerian prince seeking help to escape the country with the promise of paying a large sum of money, all in exchange for a small upfront fee. The best way to counter such types of phishing attacks is to ignore requests which are suspicious in nature.
• Account Deactivation Scam: In this phishing attack scam, the attacker plays on the fear and urgency of the victim. For example, the cyber criminal calls the target posing as the representative of the concerned bank. They then claim that the account will soon be deactivated if nothing is done. If the victim panics and gives the login details and the password to the attacker, the attacker then uses the details to con the user.
Different Types of Phishing Attacks
Below is the list of the types of phishing attacks cyber criminals employ to con people.
• Spear Phishing: In a spear phishing attack, the attackers target specific people or firms. They gather all the possible information and then launch the attack. Over 90% of the phishing attacks belong to this category.
• Whaling: This phishing attack is more of a trojan horse kind of situation, where the attacker sends whaling scam emails that appear to come from high ranking individuals, a CEO for example. Often, low-level employees fall prey to such types of phishing attacks fearing the repercussions that can arise out of any delay. The attacker then uses this chance to get a large amount of money transferred to their account.
• Clone Phishing: In a clone phishing attack, the attacker mimics a previously sent legitimate email. They do this by modifying the links or the attached files of the original email. Often, the victim will mistake this email for a legitimate one and will end up responding to it, which helps the attacker exploit the individual for their own malicious purposes.
One simple way to avoid such types of phishing attacks is to directly visit the website and check whether the urgent account status in question is displayed there or not. Also, go through the URL and if the website doesn’t look secure, do not enter the details.
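The URL checks recommended above, both for forged websites and before entering any details, can be automated. The following is an added example, not part of the original article; the allowlist, the warning labels and the sample links are constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites the reader really has accounts with.
TRUSTED_HOSTS = {"examplebank.com"}


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return a list of warnings for a link; an empty list means none fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("no-https")            # "the HTTPS is not on"
    if parts.username is not None:
        # https://trusted.site@other.host/ really goes to other.host
        warnings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")       # may render as look-alike letters
    # Trusted only if the host IS the trusted name or a subdomain of it.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return warnings
    warnings.append("untrusted-host")
    for t in sorted(trusted):
        similar = SequenceMatcher(None, host, t).ratio() >= 0.8  # examp1ebank.com
        embedded = t in host                   # examplebank.com.login.test
        if similar or embedded:
            warnings.append("lookalike-of:" + t)
    return warnings


# Constructed sample links, as they might appear in a suspicious email.
SAMPLES = [
    "https://www.examplebank.com/login",
    "http://examplebank.com/login",
    "https://examp1ebank.com/login",
    "https://examplebank.com.login.test/",
    "https://examplebank.com@evil.test/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_url(link) or "no warnings")
```

The check treats HTTPS as necessary rather than sufficient: a link only passes when the host name itself matches a site on the allowlist, because a forged site can serve its pages over HTTPS too.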