Introduction to Phishing

In 2019, one third of security breaches involved some sort of phishing attack. As these attacks are becoming more and more sophisticated and involve multiple ways to gather information, it is important to understand the different kinds of phishing attacks that are committed, how they work, and how to prevent yourself from falling victim to these scammers and hackers.

Online safety is extremely important for all of us to practice, and by learning how to keep yourself safe you will feel more comfortable while browsing online.


Types of Phishing Attacks

There are phishing attacks that target individuals and there are attacks that target larger companies and corporations. Understanding what the different types are can help you identify them more easily.

Here are the six different kinds of phishing attacks divided into two categories: common phishing attacks and company-focused phishing attacks.

Common Phishing Attacks

Deceptive Phishing: This is the most common type of phishing attack. Fake emails are sent out claiming to be from a popular company in an attempt to get sensitive account information from individuals.

Vishing: Contact is made by telephone, and the scammer poses as a known company. For example, if someone calls you claiming to be from the CRA and stating that you must pay money to avoid arrest, this would be an attempt at a vishing attack.

Smishing: Contact is made through SMS/text messages, and the message often tries to appear as if it is coming from a larger company. For example, you may receive a message from a bank claiming that your account has been suspended and asking you to provide billing information. There may be a link in the message meant to trick you into clicking it.

Pharming: The attacker changes a website URL path (think of this as the address) to another location, and the separate site a person is taken to will often look like the real website. An example is an incident that happened in 2017, when fraudulent websites were created that mimicked financial institutions.


Company-focused Phishing Attacks

Spear Phishing: The attacker attempts to gather data about the individual through social media sites before contacting them, and focuses on people involved in business. The gathered information is often used to personalize messages to the individual.

Whaling Phishing/CEO Fraud: An attack that targets an executive of a business. The attacker will attempt to gain access to employee information. This type of phishing often has the largest impact, because gaining access to an executive’s login information can allow access to multiple employees’ information.


How does Phishing work?

To understand how phishing works, let’s think of it like actual fishing. The fisherman places a worm or bait onto a hook and throws it into the water, hoping for a fish to bite. This is what scammers do, except the worm or bait is an email or message and the fish are the people the messages are sent to. The scammers hope that when they send the message, they can get someone to fall for it.