We will briefly summarise types of phishing attacks.
1. Deceptive phishing – Deceptive phishing is the most common type of phishing attack, in which attackers send emails that appear to come from a legitimate source, such as a financial institution or a social media site. The email may contain a link that takes the user to a fake website that looks identical to the legitimate site. The user is then asked to input sensitive information, such as login credentials or credit card numbers, which the attacker can then use to gain access to the user’s account.
2. Spear phishing – is a type of phishing attack that is targeted at a specific individual or organization. The attacker will send an email that appears to come from a legitimate source, but the email will contain a link that leads to a fake website. The fake website will ask the user to input sensitive information, such as login credentials or credit card numbers. The attacker can then use this information to gain access to the user’s account.
3. Whaling – Whaling attacks are similar to spear phishing, but they target high-profile individuals such as CEOs, CFOs, or other executives. These attacks usually involve a very convincing email that appears to be from a legitimate source, such as a government agency or financial institution.
4. Vishing – Vishing is a type of phishing attack that uses voice calls or VoIP (Voice over IP) instead of email. The attacker will try to trick the victim into giving them personal information or financial data over the phone.
5. Smishing – Smishing is a type of phishing attack that uses SMS (Short Message Service) texts instead of email. The attacker will send a text message that appears to be from a legitimate source, such as a bank or government agency. They will then try to trick the victim into giving them personal information or financial data.
6. Clone phishing – Clone phishing is a type of phishing attack where the attacker creates an exact replica of a legitimate email that has been sent previously. The only difference is that the malicious link or attachment has been replaced with a new one. This can be difficult to spot, especially if the victim doesn’t have the original email to compare it to.
7. Typosquatting – Typosquatting is a type of phishing attack where the attacker uses a domain name that is very similar to a legitimate website. When victims make a typo when trying to visit the legitimate site, they will end up on the attacker’s fake site instead. The attacker can then try to trick the victim into giving them personal information or financial data.
8. Pharming – Pharming is a type of phishing attack where the attacker redirects victims to a fake website, even if they typed in the correct URL. This can be done by infecting DNS servers or by using browser hijacking software. The attacker can then try to trick the victim into giving them personal information or financial data.
9. Malware-based phishing – Malware-based phishing is a type of phishing attack where the attacker uses malware to infect the victim’s computer. The malware can then be used to steal personal information or financial data.
10. Password reset phishing – Password reset phishing is a type of phishing attack where the attacker uses a fake password reset email to trick the victim into giving them their personal information or financial data.