What is Phishing?
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
Phishing has developed significantly over the past 10 years; there is no longer just one type of phishing that you may be prone to. The following are different types of phishing that you might see or hear of: Email Phishing, Spear Phishing, Vishing and Smishing, Whaling and Angler Phishing.
What are Email Phishing, Spear Phishing and Whaling?
These types of phishing usually use email as the attack vector. Email Phishing is a generic email, normally sent in bulk, that tries to fool you into clicking or signing up for something with a debit/credit card.
Spear Phishing is a personalised email targeted at you to fool you into giving away personal information or login credentials, which the attackers will then use to fraudulently purchase or post. The information they have on you would be found on the dark web, in leaked or stolen information databases.
Finally, you have Whaling; this is normally seen in the corporate world, as it attacks senior people in organisations, such as the CEO or CIO. The attackers will claim to be working for or with these people or, in some cases, will pretend to be them, and ask you to do something for them so that they can get access to company information, or sometimes your information, which they will use to attack the company from the inside.
What are Vishing and Smishing?
Vishing is the use of voice messages to trick you into thinking there is something wrong, normally with bank payments or tax issues. The attackers will try to convince you that you need to pay or hand over details that give them access to your personal information.
Smishing is very similar to Vishing but is normally carried out over text messages; hence Smishing stands for SMS Phishing. The text will generally contain a link and wording along the lines of “Track your delivery here” or “There are payments outstanding follow this link to approve them”. This can be a very successful way to fool people into handing over information without knowing they have done it.
What is Angler Phishing?
Angler Phishing is a relatively new type of phishing on social media platforms. An attacker poses as a customer service agent to entice angry or disappointed customers into handing over their personal or account information, promising in return to deal with the issue they may be facing. Attackers generally find their targets through reviews and @ tags placed on public websites or pages; they jump in once they see these and try to fool you into handing over the goods.
How common are phishing attacks?
As a cyber threat, phishing attacks are common and can be seen daily across both personal and corporate emails and phones. The most common types of phishing are Email Phishing, Spear Phishing and Whaling. The next most common type is Vishing, and Smishing is becoming more relevant. Angler Phishing is very hard to spot if you're not wary of the telltale signs.
The average for successful phishing attempts is at an increased rate of 57% across the globe. They are becoming harder and harder to spot, and as the attackers improve their attacks, it will be down to the user to ask themselves, “Am I expecting this email?”, “Does this email look legitimate?”, “Who is sending this to me?” and “Why are they sending this?”.
How can Alphalake help you? Well, recently we have been putting our security system to good use, to train and inform our staff of the dangers. We could help your organisation do the same and train your employees to spot the telltale signs of the phishing emails they may receive and stop them in their tracks.