loader

“Important Information on the L&T Finance Holdings Limited Merger"Click Here

“Important Information on the L&T Finance Holdings Limited Merger"Click Here

“Important Information on the L&T Finance Holdings Limited Merger"Click Here

“Important Information on the L&T Finance Holdings Limited Merger"Click Here

What is a Phishing Attack and Different Types of Phishing Attacks

Jul 3, 2023

5 min. Read

What is a Phishing Attack and Different Types of Phishing AttacksRisk

What is a Phishing Attack and Different Types of Phishing Attacks


Today’s world has become a vast digital sea where everyone’s personal and sensitive information is floating like fishes, and just like every sea, there are fishermen looking for this sensitive information to con and gain from unsuspecting people. This is done by technologically advanced people, infamously known as cyber criminals. The term is often referred to as ‘Phishing’.

In order to protect yourself, it is imperative to understand the meaning of a phishing attack.



What is a Phishing Attack?


The most acceptable phishing definition is that it is a fraudulent practice through which cyber criminal elements steal the sensitive and confidential information. To commit a phishing attack, the attacker poses as a government or bank employee and tricks the victim into giving the required details. This includes usernames, passwords, credit card numbers, bank account details and other important data. The criminals then use this information to rob the victim financially, or to sell it for a price.



How is Phishing Carried Out?


Since we have discussed ‘What is a Phishing Attack’, let’s know how phishing is carried out. In order to execute it, the cyber criminal cleverly crafts an email or instant message which then exploits the victim’s trust to gain sensitive and confidential information.

For a better understanding, let’s look at the step by step process of a phishing attack.


• The attacker sends a cleverly disguised email to the potential victim.

• If the victim takes the bait, he or she will click on the email which will take him or her to the phishing website.

• Once the victim is on the phishing website, the cyber criminal launches the next phase of the phishing attack. In this phase, the attacker collects the victim’s information.

• The attacker then visits a legitimate website and uses the collected credentials to exploit the victim, and to launch further attacks on the victim’s connections.


Three types of scams are used to launch phishing attacks. These are:

Website Forgery Scam: This is one of the types of phishing attacks where the cyber criminal targets the victim by creating a pseudo website which is identical to the legitimate website that the victim uses. So, when the person visits the website, for example, a bank, and enters the information, believing the site to be legitimate, the attacker collects the information to rob or to sell it to someone else.

This phishing attack is executed by an email phishing, a hyperlink inside a forum, or through a search engine. It is extremely difficult to detect fraudulent websites, but not impossible. You just need to pay attention to the URL. If it looks different, if the page is listed insecure or the HTTPS is not on, then it’s highly possible that the site is meant for a phishing attack.


Advanced-fee Scam: In this type of phishing attack, the attacker asks for an advance fee in order to receive any money, proceeds, stocks, or warrants, with the promise of repaying the deposited sum later. The criminal also targets the investors who either lost the money in investment schemes, or have purchased underwhelming securities.


This phishing attack is popularised by the ‘Nigerian Prince Email’, where the attacker poses as a troubled Nigerian prince seeking help to escape the country with the promise of paying a large sum of money. All this in exchange for a small upfront fee. The best way to counter such types of phishing attacks is to ignore the requests which are suspicious in nature.


Account Deactivation Scam: In this phishing attack scam, the attacker plays on the fear and urgency of the victim. For example, the cyber criminal calls the target posing as the representative of the concerned bank. They then claim that the account will soon be deactivated if nothing is done soon. If the victim panics and gives the login details and the password to the attacker. The attacker then uses the details to con the user.



Different Types of Phishing Attacks


Below is the list of the types of phishing attacks cyber criminals employ to con people.


Spear Phishing: In the spear phishing attack, the attackers target specific people or firms. They gather all the possible information and then launch the attack. Over 90% of the phishing attacks belong to this category.


Whaling: This phishing attack is more of a trojan horse kind of situation, where the attacker sends whaling scam emails that appear to come from high ranking individuals, a CEO for example. Often, low-level employees fall prey to such types of phishing attacks fearing the repercussions that can arise out of any delay. The attacker then uses this chance to get a large amount of money transferred to their account.


Clone Phishing: In the clone phishing attack, the attacker mimics a previously sent legitimate email. They do this by modifying the links or the attached files of the original emails. Often, the victim will mistake this email as a legitimate one and will end up responding to the email, which will help the attacker to exploit the individual for their own malicious purposes.


One simple way to avoid such type of phishing attacks is to directly visit the website and check whether the urgent account status in question is displayed there or not. Also, go through the URL and if the website doesn’t look secure, do not enter the details.


How to Protect Yourself from Different Types of Phishing Attacks?


Till now we have talked about the phishing attack and its types. Now let’s take a look at a couple of measures that we can take to protect ourselves from them.


Best Practices and Security Awareness Training: The best way to prevent a phishing attack is through extensive training. Organisations around the world teach their employees to identify and isolate any malicious activity for better protection. This is usually achieved by teaching them to identify the situations such as:


- Emails content suspicious attachments that the receiver is unaware of

- Requests for fund transfer

- Requests for sensitive and confidential information or to update profile or payment information

- Poor spelling and grammar

- Unrealistic and suspicious threats, such as jail time, account deactivation;etc.

- Emails or SMS creating illogical and fantastical sense of urgency


Security Technologies: Despite all the training and teaching, sometimes a phishing attack is unavoidable. Therefore, security technologies have been set in place to help in such situations. These include; spam filters and email security software, web filters, multi-factor authentication, and antivirus and anti-malware softwares, to name a few.


Despite all the training and teaching, sometimes a phishing attack is unavoidable. Therefore, security technologies have been set in place to help in such situations. These include; spam filters and email security software, web filters, multi-factor authentication, and antivirus and anti-malware softwares, to name a few.



https://www.investor.gov/protect-your-investments/fraud/types-fraud/advance-fee-fraud


https://www.ibm.com/topics/phishing#:~:text=What is phishing,or their organizations to cybercrime.

Explore Other Products

Home Loan

Move into the home of your dreams with a Home Loan.

Home loanKnow More

Loan Against Property

Fulfil your dreams with loan against residential property.

Farm loanKnow More

Personal Loans

Achieve your immediate financial needs with a personal loan.

consumer loanKnow More

Two-Wheeler Finance

Get a boost for your ride with a two wheeler loan.

Two wheeler loanKnow More

Farm Equipment Finance

Get easy loan for all your agricultural needs.

Farm loanKnow More

SME Loan

Start or expand your business with customised financial solutions.

SME loanKnow More

Micro Loan

Group loans to women borrowers for income generating activities

Micro loanKnow More
download app bg

Download the PLANET App

apple badge google badge