Phishing attacks are a dangerous form of cybercrime that utilise social engineering. Sometimes, they're easy to spot; others can look practically identical to the real thing.
This type of cybercrime, while having many subtypes, share more or less a general formula: A message pretending to be from a legitimate source asks you to perform an action that results in personal or confidential information being stolen; for example, your credit card number, Social Security number or business secrets. Sometimes, malware is installed on your device if you click the provided link.
Here, we'll discuss two different types of phishing attacks.
Sometimes called traditional phishing, this type of attack is probably the one you're most familiar with. Usually (though not always) in email form, these cyberattacks typically pose as a large business looking to get you to click a link where you can fill out information on a form. There will typically be a sense of urgency to the email.
For example, you receive an email claiming to be from Amazon saying your account will be closed if you don't click a link — which leads to an Amazon lookalike page with places for you to enter data. The cybercriminal then has access to whatever was typed into the page.
These emails are often produced without much sophistication and sent to as many people as possible. They're relatively easy to spot compared to other types of phishing. However, even one or two hits out of a thousand mean a successful attack.
A far more dangerous form of phishing, spear phishing targets specific individuals, typically on a work email account. The cybercriminal goes through far more preparation and research to make the email look as legitimate as possible.
Rather than claiming to be a business, these usually appear to be from trusted friends or colleagues. If created by a competent thief, the email will look virtually identical to a real one, using the same typing style and language of the spoofed source while commonly including personal information to make it harder to detect as fake.
The type of information they ask for also tends to differ from a deceptive phishing attack. For example, the cybercriminal might be after business secrets or a way to breach the business network.
Train yourself to recognise phishing attacks
The more you know about phishing attacks, the better you'll be able to spot them before they have a chance to steal your information.
For tons more useful tips, check out our blog at WMC Accounting.