11 Types of Phishing Attacks that are too Clever to be Detected

Cyber-attack has been around since the inception of the internet, with phishing attack topping the chart. A phishing attack is a type of cyber-attack which is used to steal the confidential information of the users such as credit card numbers, login credentials, and a lot more.

According to ‘Acronis Cyber Readiness Report 2020’, around 39% of global firms experienced a videoconferencing attack last year. India faced the highest rates of such attacks with 66% of companies reported to have encountered videoconferencing attacks.

We read about such incidents every day, and move on with our to-do list. However, when an award-winning Indian TV journalist Nidhi Razdan revealed recently that she was being duped into believing that she had been hired by Harvard University, the gravity of the phishing attack is realized.

Nidhi Razdan worked as a news anchor at one of the top news channels for 21 years. In June 2020, she announced that she was parting ways with the channel to take up a job as an associate journalism professor at Harvard.

However, after noticing numerous administrative anomalies in the hiring process, she contacted the University authorities. After hearing from the university she realized that she has been a victim of a sophisticated phishing attack.

In hacking`s lingo, Razdan`s case is a spear-phishing attack, which is a more potent version that is harder to detect.

A data report by Cybersecurity company Kaspersky`s in August 2020 revealed that the phishing attacks post-COVID were becoming more targeted. The small companies were more on the radar. These phishing attacks came in the form of emails from HR about the changes in the medical leave procedure, and employee dismissal.

What is a phishing attack?

Phishing is a type of online scam or a cyber-attack, where criminals impersonate legitimate organizations via electronic communication, text message, advertisement, or any other means of communication to steal personal information.

It usually involves a link that will appear to take you to the company`s website to fill in your information. The website is designed so cleverly that the information you fill in will go straight to the criminals.

If you are thinking about why this type of scam is called phishing then let us tell you the reason. The term ‘phishing’ is taken from the working fishing because the hackers are dangling a fake ‘lure’ (the genuine looking fake website) hoping users will fall for it.

Types of Phishing Attacks

Here is a list of 11 types of phishing techniques, you must know about:

Standard Email Phishing- This is the most common of all phishing attack techniques, and is an attempt to steal sensitive information through an email that appears to come from a legitimate organization.

Malware Phishing- This phishing attack uses the same technique, but encourages the user to click a link or download an attachment.

Spear Phishing- Spear phishing is a well-researched and highly-targeted attack. It is generally focused on business executives, public personas, and infamous personalities.

Smishing-Targeting the smartphone users Smishing is an SMS-enabled phishing attack. It often comes in the form of account notices, political messages, and prize notifications.

Search Engine Phishing- Fraudulent websites are designed to collect sensitive information from the victims. These websites can be found in the organic search results or as paid advertisements for popular search terms.

Vishing- Vishing technique involves a malicious caller prompting to be from a bank, tech support, or any government organization trying to extract the confidential details.

Pharming- Popularly known as DNS poisoning, pharming is a technique where a user is navigated to a spoofed page often to steal valuable information.

Clone Phishing- In this type of phishing attack, the criminal lures its victim by compromising a person`s email account by swapping a legitimate link, attachment, or other elements with a malicious one.

Malvertising- This type of phishing attack uses digital ad software to publish normal-looking ads. These ads contain malicious code embedded within them.

BEC (Business Email Compromise)- BEC involves a fake email id that appears to be from someone associated with the target company. The email requires urgent action like wiring money or purchasing gift cards.

Man-in-the-Middle Attack- This phishing technique involves a middle source that monitors the correspondence happening between the two unsuspecting parties. These attacks are generally carried out by creating phony public Wi-Fi networks at public places.

As digital technology is evolving, these attacks continue to find new ways to exploit vulnerabilities. Therefore, it is best to take precautions like using good protection for your operating system. Do not open the links and emails from random and unknown senders.

Also, change your passwords every month and avoid using the same password for different platforms. Never share your details with anyone. If you find you are the victim of a phishing scam, register your complaint with a cyber cell.

Being an entrepreneur is tough! To safeguard your business from cyber threats and other challenges click here :  https://www.badabusiness.com/?ref_code=ArticlesLeads