Four Common Types of Phishing Attacks
How valuable is the data on your computers and mobile devices? Is it so valuable that today’s cybercriminals will do whatever it takes to steal it for both criminal and financial gains? I’m sure we can all agree that the information on our computers and mobile devices is of extreme importance to us and that we should do our part to protect ourselves from these four common types of phishing attacks.
In case you are not familiar with the term, phishing is a way for hackers to steal information through various forms of social engineering. According to Wikipedia, in the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. While there are many forms of phishing attacks, here are four common types:
- Spear Phishing: Spear phishing is an email-spoofing attack that targets either a specific organization or an individual in an attempt to gain unauthorized access to sensitive information. These emails are designed to appear as if they come from a trusted business partner or friend so that hackers can obtain confidential information.
- Ransom Phishing: Most ransom phishing attacks come directly from emails that contain a link that gets an unsuspecting user to download malware. This type of attack holds the infected computer hostage until a ransom is paid, typically in Bitcoin.
- Pharming Phishing: Pharming attacks can occur even when you’re browsing a legitimate website and typed in the URL of the site yourself. This can happen because the hackers have hijacked the intended DNS (Domain Name System) server, which then redirects you to a malicious site. Often this goes unnoticed, and by then you have already entered your username and password. The cybercriminals then capture your private information. The best way to mitigate this type of threat is to use only sites that have HTTPS (Hypertext Transfer Protocol Secure) in front of the URL. If you don’t see HTTPS, stop, think and don’t input your private information.
- Whaling Phishing: This type of phishing attack targets the big fish of an organization, such as the CEO or CFO, in order to steal sensitive company information. An example of this type of attack is when a cybercriminal impersonates a CEO and tricks an employee into giving up sensitive payroll information. These fraudulent emails appear to come from trusted sources in order to trick the high-profile victim into providing important sensitive data. The email sent by the impersonator (cybercriminal) often includes the company logo and the email signature of a high-profile employee to fool unsuspecting victims. A few ways to mitigate whaling are to limit personal information on public profiles, flag emails coming from outside the organization, establish a verification process if funds are being requested, and verify before sending any information.
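To show what "flag emails coming from outside the organization" can look like in practice, here is an added example (not Jungle Disk's code) of the check a mail filter could run on each incoming message. The domain example.com, the executive names and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}               # assumption: the organization's own mail domain
EXECUTIVES = {"pat morgan", "lee carter"}   # assumption: constructed executive names


def _domain(address: str) -> str:
    return address.rpartition("@")[2].lower()


def classify(raw_message: str) -> dict:
    """Flag an external sender, an executive display name on external mail, and a Reply-To mismatch."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    external = _domain(sender) not in ORG_DOMAINS   # a missing From also counts as external
    name = " ".join(display.lower().split())
    return {
        "external": external,
        "exec_impersonation": external and name in EXECUTIVES,
        "reply_to_mismatch": bool(reply_to) and _domain(reply_to) != _domain(sender),
    }


def tag_subject(raw_message: str) -> str:
    """Return the subject with the warning banner a mail gateway would prepend."""
    flags = classify(raw_message)
    subject = message_from_string(raw_message).get("Subject", "")
    if flags["exec_impersonation"]:
        return "[EXTERNAL - VERIFY SENDER] " + subject
    if flags["external"]:
        return "[EXTERNAL] " + subject
    return subject


# Constructed sample messages (not real traffic).
SAMPLE_WHALING = (
    'From: "Pat Morgan" <ceo-office@example.net>\n'
    "Reply-To: pat.morgan@example.org\n"
    "To: payroll@example.com\n"
    "Subject: Need payroll records today\n\n"
    "Please send the payroll file before noon.\n"
)
SAMPLE_INTERNAL = (
    'From: "Lee Carter" <lee.carter@example.com>\n'
    "To: payroll@example.com\n"
    "Subject: Q3 planning\n\nAgenda attached.\n"
)

if __name__ == "__main__":
    print(tag_subject(SAMPLE_WHALING))
    print(tag_subject(SAMPLE_INTERNAL))
```

The From header is not authenticated by itself, so a check like this belongs alongside SPF, DKIM and DMARC enforcement rather than in place of it.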
As you can see, there are many forms of phishing attacks and they often mimic each other, yet the fact remains that we need to be diligent at all times and be mindful to STOP and THINK before we open an email, browse websites or share personal information on our social media accounts. With social engineering, cybercriminals can exploit the data on your profiles for the purpose of identity theft and other malicious uses.
The team at Jungle Disk is here to help make sure your data is protected. Please contact us if you are interested in a complimentary cybersecurity assessment for your business.