One of the most common types of cybersecurity attacks is phishing. When cybercriminals distribute malicious content intended to deceive individuals into falling for a scam, it can take many different forms including email, phone, and text. An attacker can use one of these methods or a combination to trick a user to reveal personal information that can lead to a security compromise.
Below are examples of these types of common phishing attacks.
Phishing (email)
Whale-phishing are attacks targeting whales or executives of the organization. These individuals are the target of this attack since it’s likely they have access to sensitive corporate data.
Spear-phishing attacks target a single victim and look authentic. The email’s “From” line contains fictitious information that makes it appear as though it came from another sender which could be someone the user trusts.
Tips to minimize:
- Review all email details for accuracy and don’t link on links that are suspicious.
Vishing (phone)
Vishing or voice phishing is performed over the phone to entice users to divulge sensitive information. Common attacks include compromised credit card account, unsolicited loan offer, Social Security, and IRS scams with a sense of urgency to provide a solution to get out of the “problem.”
Tips to minimize:
- Don’t answer suspicious numbers.
- Join the National Do Not Call Registry.
Smishing (text/SMS)
In smishing, an attacker sends a message to a target that tempts a user to click a link or submit sensitive information. Your name, other information that is available to the public, or popular brand names could be included in these messages.
Tips to minimize:
- Avoid offers of quick income from cash or prizes after providing personal information.
- Don’t respond to unknown phone numbers.
- Use caution with financial institutions requesting identification or money transfers.
Contact [email protected] to discuss how to minimize phishing attacks for your business.