Hacking attempts are at an all-time high, and phishing comprises one-third of all hacking attempts. Phishing is a method of hacking that attempts to exploit a user by posing as a trustworthy source. In fact, one out of 25 branded emails is a phishing scam, with Microsoft and Amazon being the most common branded scam. And lastly, according to a Verizon report, 66% of malware is installed through malicious email attachments.
Businesses are a major target, but individuals also have to protect themselves. Outside of the workplace, individuals expose themselves to less cybersecurity than their office systems have, and are more likely to let their guard down on their own time. With that in mind, here are a few common types of phishing scams you should be aware of:
Spear Phishing
There are different categories of phishing, and spear fishing is one of them. Spear fishing is a type of bespoke, high-quality phishing technique, in which is a specific victim is researched and specifically targeted. This personalized tactic can be very effective, because the languaging is tailored to the individual, versus a mass, generic email.
LinkedIn is a very popular platform to send deceptive messages on, because users generally trust LinkedIn, and it’s easy for hackers to gather personal information about a person through their LinkedIn content. An example of phishing attempt on LinkedIn might come from a user requesting that you “review a proposal.” Always be wary of messages on LinkedIn or other platforms that request that you leave the site you’re currently on.
Vishing
Vishing—voice phishing—is a less common form of phishing that doesn’t rely on email tactics. With this tactic, hackers utilize a VoIP to call individuals and mimic an authority organization. Bank accounts are a major target for vishing attempts. For instance, you might hear a voicemail that prompts you to call the bank back to reset a compromised account, in which case you’ll be asked to verify your credentials.
Another common vishing tactic is to tell the victim that they’ve won a prize, and all they need to do is pay for shipping and handling, which encourages them to provide their credit card details. To prevent becoming a victim, never give your details out over the phone. If you’re unsure of whether a call is legitimate, hang up and phone the company in question.
Whaling Attack
A whaling attack is a type of phishing that specifically targets high-profile employees. This could include the CEO, CTO, or business owners. Hackers then conduct fraud by using the CEO’s email or log-in credentials to authorize high-value wire transfers. Whaling attacks tend to be more effective because not all high-level executives partake in the same cybersecurity training that their employees do.
For this reason, it’s important that executives partake in security seminars and classes, and even small business owners should do the same. Small business owners tend to believe they won’t be a target of hacking because they have less to give, but this couldn’t be further from the truth. Roughly 43% of hacking attacks are against small businesses. With this in mind, always take a preventative approach to managing companies.
Smishing: Text Phishing
Smishing is becoming a more popular form of hacking with the rise of mobile usage. As the name suggests, this phishing tactic is when an individual is targeted via SMS messaging. In February 2019, Nokia sent out a warning to its users after a widespread smishing campaign in India prompted users to send in money to claim a car they won. Another smishing attempt went even further when it targeted a local Knoxville woman with cancer, using a message that stated if she paid taxes and a deposit on a grant, it would assist her with payment for treatment.
There are all different types of ways a person can fall victim with smishing, especially because it allows the hacker to be much more creative with their content. Some go with the standard “you’ve won a prize!” while others might say something along the lines of, “Is this really a pic of you?” In every case, it includes a link or prompts you to dial a number. Clicking a link will download malware onto your phone that can extract personal details, while making a phone call could send you further down the rabbit hole and result in you forking over personal information.