What is Phishing?
Phishing is a type of cyberattack in which cybercriminals or hackers masquerade as legitimate senders to trick or lure their target into disclosing personal information, installing malware, or taking other actions the attacker wants. A phishing attack aims either to steal personal or sensitive information, such as debit and credit card information, online banking details, login credentials, social networking information, and the victim's other digital account information, or to install malware on the victim's computer. It is considered the most prevalent type of social engineering attack.
Types of Phishing Attacks
There are different types of phishing attacks; let us look at some of them.
1. Whaling
Whaling or whale phishing is a type of phishing attack that targets senior executives in the company, such as the CEO, CTO, CFO, managing director, and other privileged positions. In this attack, the hackers pretend to be known, legitimate, and trustworthy entities and persuade the victim to provide sensitive information.
2. Smishing
A smishing attack is carried out via SMS or text messages, which hackers use to lure victims. A smishing text will often include a malicious link that redirects victims to a form or website used to steal their personal information. Through that malicious link, the victim's device could also be infected with malware, including viruses, ransomware, spyware, and adware.
3. Vishing
Vishing is a type of voice phishing scam in which the attacker uses a voice call to carry out the attack. Hackers make fraudulent calls (or leave a voicemail), pretending to be trusted persons or institutions, to get victims' bank details or other sensitive information. Voice over IP (VoIP) technology is commonly used in phishing scams.
4. Email phishing
Email phishing, also known as deception phishing, is the most common type of phishing attack. Hackers send emails with malicious links to each email address they can find.
5. Spear phishing
Spear phishing is a phishing technique that targets specific people or groups within an organization to obtain their login credentials or other sensitive information. It mainly entails email-based attacks with malicious attachments. The attacker often collects information about the victim before initiating the attack, such as the victim's name, occupation, email address, etc.
6. Angler phishing
Angler phishing is when a hacker utilizes phony posts in social media apps to lure a target to take action.
7. HTTPS phishing
An HTTPS phishing attack involves sending the victim an email containing a malicious link to a phishing website. The website is created to deceive the victim into thinking it is authentic.
8. Pharming
In a pharming attack, the Domain Name System (DNS) server is hijacked and utilized as a critical weapon. When a user enters the website address into their browser, the DNS server directs them to the IP address of a malicious website designed to steal their login information.
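One way a defender can spot the pharming behaviour described above is to compare the addresses a resolver returns with the networks each hostname is expected to live in. This is an added example, not part of the original article; the hostnames, address ranges, baseline table, and function names are all constructed for illustration.

```python
import ipaddress

# Constructed baseline: networks each hostname is expected to resolve into.
# Names and ranges are reserved documentation values, not real data.
EXPECTED = {
    "bank.example": ["192.0.2.0/24"],
    "mail.example": ["198.51.100.0/25", "2001:db8:10::/48"],
}

# Constructed resolver answers, e.g. as collected from client DNS logs.
OBSERVED = [
    ("bank.example", "192.0.2.15"),
    ("bank.example", "203.0.113.66"),     # outside the baseline
    ("mail.example", "2001:db8:10::25"),
    ("MAIL.example.", "198.51.100.200"),  # outside the /25
    ("shop.example", "192.0.2.9"),        # no baseline recorded
    ("bank.example", "not-an-ip"),        # malformed answer
]

def normalize(host):
    """Lower-case the name and drop the trailing root dot."""
    return host.rstrip(".").lower()

def check_answer(host, answer, expected=EXPECTED):
    """Return 'ok', 'mismatch', 'unknown-host' or 'invalid-answer'."""
    nets = expected.get(normalize(host))
    if nets is None:
        return "unknown-host"
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return "invalid-answer"
    for net in nets:
        network = ipaddress.ip_network(net)
        if addr.version == network.version and addr in network:
            return "ok"
    return "mismatch"

def suspicious(observed, expected=EXPECTED):
    """Answers worth investigating: wrong network or unparsable address."""
    flagged = ("mismatch", "invalid-answer")
    return [(h, a) for h, a in observed if check_answer(h, a, expected) in flagged]

if __name__ == "__main__":
    for host, answer in suspicious(OBSERVED):
        print(f"ALERT {host} -> {answer}")
```

A mismatch is a lead rather than proof, since legitimate hosting changes also move addresses, so the baseline has to be kept current.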
How can InfosecTrain help you?
Phishing is a very effective type of cybercrime that allows cybercriminals to trick individuals or organizations and obtain their crucial data. InfosecTrain offers a variety of cybersecurity certification courses that can teach you all you need to know about how to prevent phishing scams. You can also enroll in our Cybersecurity Orientation Program, CompTIA Security+, and Certified Ethical Hacker certification training courses.