BNMC Blog

What You Need to Know About the Different Types of Phishing Attacks

If there is one kind of online scam that people need to be more cognizant of, it would be phishing—where a scammer tries to hack the user instead of the computer, tricking them into sharing sensitive information. Phishing can come in enough forms that it has splintered into a few different varieties to watch out for. Let’s go over what a basic phishing attack looks like, some of the different types you may encounter, and how to deal with such an attack appropriately.

What is Phishing?

Phishing is the approach that a scammer will use to get a target to hand over the information that the scammer needs, as opposed to the scammer using technical methods to extract it. In essence, the scammer will put on the guise of something or someone they are not to motivate their intended victim to facilitate their own downfall.

Through some means of communication—traditionally, but not exclusively, email—the scammer will begin their pitch. Whether they use an innocuous-seeming request, a looming threat that needs immediate attention, or even a bait-and-switch malicious attachment or link, the cybercriminal has no shortage of means to take advantage of you and your team members.

Let’s go over how different varieties of phishing work, followed by a few best practices that will help you avoid falling into any traps.

Business Email Compromise

In this form of attack, an attacker pretends to be a trusted contact. It can be very effective when used to target different members of a company or an organization (effectively, any group of people with a representative or authority figure at the top). By posing as this trusted contact and expressing urgency in some way, the attacker makes the attack that much more effective. These attacks can net a cybercriminal a significant sum, simply because the target isn’t anticipating an attack from an otherwise known source.

Clone Phishing

There are a lot of emails that are consistently predictable—the kind that are generated automatically in response to certain notifications, for instance. However, some phishing attacks will replicate these emails and instead direct the included links to malicious sites. These emails are often crafted to almost perfectly replicate a legitimate version, so they can be hard to catch.

SMiShing

SMiShing is simply a phishing attack that is sent via text message rather than email. Due to the notoriety that emailed phishing messages have gained in recent years, most people simply aren’t expecting the same threat to come to them in this very different format. It certainly doesn’t help that texts are read far more often than emails are, and that a mobile device often won’t feature a level of security comparable to that of the typical workstation or email client.

Spear Phishing

While many phishing attacks are designed to be somewhat vague so that they can be sent to the largest number of people simultaneously, spear phishing attacks are researched and crafted to be sent to a very specific target. This investment means that they are frequently leveraged against higher value targets and can often be exceptionally convincing.

Vishing

Vishing, like SMiShing, is a form of phishing that can catch a target unawares, simply because it comes from a lesser-thought-about source. In this case, a voice call is used to convince the recipient to disclose some personally identifiable information.

Whaling

Whaling is the practice of specifically targeting the top dog in an organization with a phishing attack, or a specific type of business compromise where “the boss” will suddenly demand something of an employee—often for funds to be transferred somewhere or a set of access credentials to be shared. This second variety has been particularly common as of late, with entire organizations having fraudulent links or requests sent to them from what appears to be their leadership.

While it may seem that these kinds of attacks would be rare, their efficacy usually makes the research into conducting them well worth it for a cybercriminal.

How to Deal with Phishing

Phishing is no joke, as it can easily bypass your cybersecurity protections and leave your team members as your only defense. This is a serious issue if they haven’t been prepared to deal with an incoming phishing attempt.

Let’s more closely examine the trajectory of a whaling attack as an example.

Put yourself in the shoes of one of your team members: how would you react if the boss (or one of the bosses) suddenly emailed you out of the blue asking for the credentials to a company account, stat!? How likely is it that you would start questioning the request? Anyone who has worked in the lower levels of a business knows that you don’t argue with the boss, save for some very specific circumstances, so they are far more likely to acquiesce to the request without thinking.

However, once your team has been made aware of the threat, they can be made much more resistant to these efforts… particularly if you also educate them on what to look for, and how to appropriately deal with suspected phishing attempts.

Make sure your team knows to look critically at every email that comes in, watching for irregularities in:

  • Who sent it – Are there irregularities in the address it came from, are names or suffixes misspelled, or does it come from someone who has never corresponded with you before?
  • What it contains – Are there any links shared in it, does a strange URL appear when you hover your cursor over them, are there any attachments?
  • What it says – Are there spelling and grammar issues in a professional email, is there an excessive sense of urgency or time sensitivity communicated, or is there a request to do something like share data or forward access credentials?
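
The three checks in the list above can also be run automatically on a reported message before a person reviews it. The following is an added example, not code from BNMC; the function names, the keyword list and the known-senders set are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT = re.compile(r"\b(urgent|immediately|right away|asap|credentials|password)\b", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def triage(raw, known_senders):  # findings follow the who / what / says checklist
    msg = message_from_string(raw, policy=policy.default)
    sender, reply_to = (parseaddr(msg[h] or "")[1].lower() for h in ("From", "Reply-To"))
    findings = [] if sender in known_senders else ["sender: no prior correspondence"]
    if reply_to and reply_to.split("@")[-1] != sender.split("@")[-1]:
        findings.append("sender: Reply-To domain differs from From")
    if next(msg.iter_attachments(), None) is not None:
        findings.append("content: attachment present")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    links = LinkCollector()
    links.feed(text)
    for href, shown in links.links:  # visible text that looks like a URL but differs from the target
        if "." in shown and " " not in shown and host(shown) != host(href):
            findings.append(f"content: link shows {host(shown)}, goes to {host(href)}")
    if URGENT.search(text + " " + (msg["Subject"] or "")):
        findings.append("wording: urgency or credential request")
    return findings

# Constructed sample (not a real message); reserved example domains only.
SAMPLE = (
    'From: "The Boss" <boss@example.net>\nReply-To: boss@example.org\nSubject: Need this now\n'
    'Content-Type: text/html; charset="utf-8"\n\n<p>Send me the credentials immediately, then '
    'confirm at <a href="http://portal.example.net/login">portal.example.com</a>.</p>\n')
print(triage(SAMPLE, {"boss@example.com"}))
```

A finding is a reason to confirm with the sender by another channel, not a verdict; a message with no findings can still be a phishing attempt.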

If they have any reason to suspect an email’s legitimacy, make sure they also know to reach out to the supposed sender by a different means to confirm that they were the one who sent the message. If they confirm that the message was indeed a phishing attempt, they also need to know to alert whatever IT resource you have available to find out what needs to be done to safely resolve the potential issue.

At BNMC, we’re well aware of what a successful phishing attack can do to an unprepared business, which is why we do all we can to make sure everyone who works with us is as prepared as can be. To find out what we can do for you, give us a call at 978-482-2020.

 
