What Is Phishing? Get to Know 8 Types of Cybercrime
Phishing is a type of cybercrime, often carried out by criminals creating websites that impersonate a trustworthy website, such as a bank or social media account. The word ‘phishing’ is pronounced ‘fishing’, which is appropriate as the terms share the same connotations of catching something using a hook or a lure. For example, when users click to access a fraudulent website, cybercriminals steal their information, such as credit card details, ID numbers, and login credentials. Phishing is the most common form of cyber attack, especially nowadays, as everybody uses the internet daily, allowing phishing and other cybercrimes to be carried out more easily. Therefore, you should always stay on guard to avoid falling victim to this kind of cyber attack.
What Do Phishing Attack Messages Look Like?
- A message containing typos, for example, “PayPal” becomes “Paypai”. This little typo is often overlooked, which means many recipients click on the link, which then navigates them to other subdomains or suspicious websites that steal their personal information.
- A message sent from a personal email address instead of an organisation. They could use public domain email addresses like Gmail or Hotmail while claiming to be legitimate organisations.
- A message written in a way that triggers fear.
- A message asking for personal information such as credit card details, ID numbers, or login credentials.
- A message written very simply or poorly, often containing typos.
How Many Types of Phishing Attacks Are There?
Phishing attacks can be divided into 8 different types:
Email Phishing
Email phishing is a common scam, often referred to as “Spray and Pray”, where numerous emails are sent at once to try and entice victims. Just 1 or 2 victims would be considered a success. Usually, the email’s content won’t target a specific group of people or address the reader personally; it will use terms like “Dear account holder” or “Dear valued customer”. Also, they may use wording to cause anxiety or panic, such as “URGENT” or “CONFIDENTIAL”, to trick the victim into clicking the attached link.
Spear Phishing
Spear phishing targets a specific group of individuals. Cybercriminals choosing this kind of phishing approach are mostly professional hackers looking to steal their victims’ personal information or infiltrate an organisation by making their email content look credible. For example, the email may use a name similar to someone who works in the organisation, which could result in the victim overlooking the scam and clicking the fraudulent link.
Whaling Phishing
Whaling phishing is another complicated scam similar to spear phishing, but instead, it targets a specific individual—usually high-ranking personnel such as a CEO or manager. The content within the email will aim to cause fear and anxiety. For example, the email could claim to be from a court informing you that you have been charged with law infringement and that you need to take urgent action to avoid a serious negative impact on your business.
Vishing
Vishing combines the words ‘voice’ and ‘phishing’. This type of scam involves scammers calling from a scam call centre claiming to be from an organisation to steal victims’ personal confidential information. Even though it’s quite an old trick, it still works, as you often see on the news. Our advice? Hang up right away if you suspect a scammer has called.
SMS Phishing
Another phishing threat that everyone knows well is phishing through SMS messages. Cybercriminals will write a short but convincing message to lure victims into clicking and entering a fraudulent website. The common text you’re likely to see could be “Congratulations! You’ve won a prize”, but you will then be required to fill in your information to get your prize.
Angler Phishing
Angler phishing is a new scamming technique many people are unfamiliar with. Hackers will keep their eye on a victim’s social media behaviour and then impersonate an official from an organisation to trick them. For example, suppose you complain on Twitter that you are receiving poor service from your mobile phone provider. In that case, the cybercriminals will impersonate an official from that provider, tell you that they will fix your issue, and then get your personal information by sending a link for you to “verify your identity”.
CEO Fraud Phishing
CEO fraud phishing is similar to whaling phishing, but CEO fraud phishing attacks are worse. The criminals use high-ranking officials as bait to deceive the victims. For example, they impersonate the CEO and send emails to staff in the company asking them to send confidential information or instantly transfer money to them.
Search Engine Phishing
Another new technique is to exploit the trust users have in search engines. Scammers will create websites that offer benefits such as product discounts, giveaways, or job announcements, and boost their website ranking with SEO techniques to drive traffic to fraudulent websites.
As you can see, phishing attacks lure victims into clicking on fraudulent websites to steal passwords and other personal information, including financial information. When creating a fraudulent website, cybercriminals will work hard to ensure it looks like an official website, but often there will be a misspelling in the URL. Victims often overlook this kind of typo. So, if you receive a message that looks or sounds suspicious, check closely to see if it comes from a trusted source.
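The misspelled-URL check described above (and the “Paypai” typo in the list of warning signs) can be automated. The following is an added example, not part of the original article: it flags hostnames whose labels are near-misses of a trusted brand or that use the brand as a subdomain of an unrelated site. The `TRUSTED` list, the look-alike character table and the sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list for illustration: brand label -> its genuine domain.
TRUSTED = {"paypal": "paypal.com", "examplebank": "examplebank.example"}

# Characters often swapped for look-alikes (constructed, not exhaustive).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})


def skeleton(label):
    """Fold look-alike characters so 'paypai' and 'paypa1' compare as 'paypal'."""
    return label.lower().translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return (verdict, brand); verdict is 'trusted', 'lookalike' or 'unknown'."""
    # urlsplit only fills in the hostname when the URL contains '//'.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    for brand, domain in TRUSTED.items():
        if host == domain or host.endswith("." + domain):
            return ("trusted", brand)
    # Not under a genuine domain: any label resembling a brand is suspicious,
    # whether misspelled or spelled correctly as a subdomain of another site.
    for token in re.split(r"[.-]", host):
        for brand in TRUSTED:
            if edit_distance(skeleton(token), skeleton(brand)) <= 1:
                return ("lookalike", brand)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://www.paypal.com/signin",
        "http://paypai.example/login",
        "https://paypal.com.account-verify.example/",
    ]
    for url in samples:
        print(url, "->", check_url(url))
```

A “lookalike” verdict is a reason to inspect the link, not proof of fraud; short brand names in particular will produce false matches at this distance threshold.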