According to a Cisco report, 90% of data breaches are caused by phishing attacks. Millions of users are affected by malware and ransomware. However, phishing attacks are no less harmful. The availability of the latest security protocols and software cannot fully protect against cyber threats. A low level of user knowledge increases the risk of becoming a cybercriminal's victim. It is important to ensure that all users are properly trained.
A phishing attack is a cyberattack that uses social engineering to illegally acquire sensitive data. Often the attack is carried out through malicious links and files that users are tricked into opening. Phishing attacks are also combined with malware to do more damage. To successfully implement an attack, a cybercriminal carefully studies user behavior. Thus, he selects the easiest and most efficient way to achieve his goals.
Signs of phishing attempts:
- request for personal and account data, as well as bank card information;
- unreasonable threats;
- urgency;
- errors in the text (spelling, grammar);
- suspicious URLs;
- unique offers.
Cybercriminals are constantly developing new phishing methods to obtain sensitive data.
The most common types of phishing attacks are:
- Email phishing is the oldest and most used type of phishing attack. Emails that imitate legitimate senders target corporate users and individuals. Using a malicious link, document, or image, an attacker gets the victim to download malicious code (for example, by asking the victim to «verify» personal information by clicking on a link).
Signs: request for personal information; urgent problem; shortened links; suspicious URL; spelling and grammatical errors; nested files; empty image;
- Spear phishing is more targeted and focused on a specific person or company. Attackers collect information from open sources and attack entire enterprises and departments.
Signs: unusual requests, links to shared drives; suspicious and unsolicited emails; reference to personal data;
- Whaling – a targeted attack on a specific person or group of people in senior management. Most often the CEO of the company becomes the victim.
Signs: invalid domain address, use of personal email; new contact requests;
- Business email compromise – attackers impersonate a manager in order to gain access to his account, with its ability to make decisions and send internal requests to employees.
Signs: urgency, unusual behavior, lack of lawyers in correspondence;
- Voice phishing – an attack using a phone to get information or money.
Signs: blocked and hidden number, requests for confidential information or money;
- HTTPS (a standard traffic encryption protocol that requires TLS/SSL certificates) phishing is a URL-based attack that aims to trick people into clicking on a malicious link.
Signs: shortened links, text with hyperlinks, spelling errors in the URL.
- Clone phishing – attackers copy a letter previously sent by a legitimate person or organization, forge the sender’s address and resend it to the victim with a malicious attachment or link.
Signs: duplicate emails, errors in the email address, hyperlinked text.
- SMS phishing – attacks through SMS messages with malicious attachments and links.
Signs: suspicious and unsolicited messages, messages from unknown numbers, authentication request.
- Pop-up phishing – an attack through pop-up windows. Attackers insert malware in the form of pop-up ads. A click starts the infection process.
Signs: Browser notifications, new tab or window, urgent message pop-ups (antivirus update, subscription renewal, etc.).
- Social media phishing – using information from social networks, attackers gain access to the victim’s confidential data with the help of social engineering.
Signs: suspicious links, suspicious accounts.
- Angler phishing – attackers pose as customer service employees in a phishing attack by creating a fake account and contacting a potential victim. During the interaction, the cybercriminal specifies personal data, and then provides a link to solve the problem that contains malware.
Signs: unverified account, no profile history.
- Evil Twin phishing – attacks consist of creating an unsecured Wi-Fi hotspot and luring users into connecting. Once the victim has connected, all incoming and outgoing data (personal information, financial data, etc.) can be intercepted by attackers. This type of attack is more likely to occur in public places with free Wi-Fi (cafes, hotels, airports, etc.). The best way to avoid becoming a victim in this case is to use a VPN.
Signs: duplicate Wi-Fi hotspots, security alerts.
- Website spoofing – creation of a completely fake site identical to the legitimate one to obtain confidential information. Most often, the websites of organizations in the finance, healthcare and social network fields are faked, as they contain important personal information.
Signs: errors in writing URLs, errors on the site.
- Email spoofing – creating a completely fake email domain.
Signs: suspicious and unsolicited emails, errors in email addresses.
- DNS spoofing (pharming attacks) is a technically more complex type of attack where a cybercriminal has to hack a domain name server (DNS) that converts domain names into IP addresses.
Signs: unsecured website, website errors.
- Image-based phishing – occurs through sending an email with an image that contains hyperlinks, malicious URLs, links to infected sites.
Signs: embedded link in image, spam, large call to action buttons.
- Search Engine Phishing – attackers create legitimate-looking pages based on keywords and queries to rank in search engines (Google, Bing). The pages contain interesting suggestions to lure the victim into entering banking information. More often, such pages offer free vacations, products, investment opportunities, discounts, job offers, etc.
Signs: attractive offers that are hard to refuse, poorly designed sites.
- Watering Hole phishing – an attack aimed at a specific company or group of people by infecting a site they frequently visit. Cybercriminals find vulnerabilities in the site, infect it, and lure potential victims to that site with emails.
Signs: security alerts, security testing.
- Man in the middle (MITM) – an attacker intercepts the communication chain, becomes an «intermediary», controls communication, intercepts data and has the ability to manipulate it to obtain personal information from both sides.
Signs: insecure sites, spelling errors in the URL, noticeably slow communication process.
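Several of the signs listed above are URL-based (shortened links, hyperlinked text, spelling errors in the URL) and can be checked automatically when filtering mail. The Python code below is an added example, not part of the original article; the shortener list, the trusted domain example-bank.com and the 0.85 similarity threshold are assumptions, and SAMPLE is a constructed message body.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "short.example"}  # assumed list; short.example is a placeholder
TRUSTED = {"example-bank.com"}  # assumed allow-list of the organisation's own domains (placeholder)
SAMPLE = ('<a href="https://examp1e-bank.com/verify">https://example-bank.com/verify</a>'
          '<a href="https://short.example/x">Renew subscription</a>'
          '<a href="https://example-bank.com/help">Help centre</a>')  # constructed message body

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # host of a URL or bare domain without "www."; "" if unparseable
    try:
        host = urlparse(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def link_signs(href, text):
    signs, host = [], host_of(href)
    if host in SHORTENERS:
        signs.append("shortened link")
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and shown != host:  # the visible text names another site than the target
        signs.append("hyperlinked text shows a different host")
    for good in TRUSTED:  # near-miss of a trusted name, not the name itself or a subdomain
        close = SequenceMatcher(None, host, good).ratio() >= 0.85
        if close and host != good and not host.endswith("." + good):
            signs.append(f"spelling error in URL (resembles {good})")
    return signs

def scan(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return {h: s for h, t in parser.links if (s := link_signs(h, t))}
```

Calling `scan(SAMPLE)` flags the first two links and leaves the genuine help link alone; the lists and threshold need tuning against real mail before use.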