Phishing

We would Be Happy To Assist You

A phishing attack is a type of cybersecurity threat that targets users directly through email, text, or direct messages. During one of these scams, the attacker will pose as a trusted contact to steal data like logins, account numbers, and credit card information.

1. Spear Phishing

Where general email attacks use spam-like tactics to blast thousands at a time, spear phishing attacks target specific individuals within an organization. In this type of scam, hackers customize their emails with the target’s name, title, work phone number, and to steal data like logins, account numbers, and credit card information.

2. Whaling

Whaling is a variant of spear phishing that targets CEOs and other executives (“whales”). As such individuals typically have unfettered access to sensitive corporate data, the risk-reward is dramatically higher. Whaling is for advanced criminal organizations that have the resources to execute this form of attack.

3. BEC (Business Email Compromise)

BEC attacks are designed to impersonate senior executives and trick employees, customers, or vendors into wiring payments for goods or services to alternate bank accounts. According to the FBI’s 2019 Internet Crime Report, BEC scams were the most damaging and effective type of cyber crime in 2019.gher. Whaling is for advanced criminal organizations that have the resources to execute this form of attack.

4. Clone Phishing

In this type of attack, the scammer creates an almost-identical replica of an authentic email, such as an alert one might receive from one’s bank, in order to trick a victim into sharing valuable information. The attacker swaps out what appears to be an authentic link or attachment in the original email with a malicious one. The email is often sent from an address that resembles that of the original sender, making it harder to spot.

5. Vishing

Also known as voice phishing, in vishing, the scammer fraudulently displays the real telephone number of a well-known, trusted organization, such as a bank or the IRS, on the victim’s caller ID in order to entice the recipient to answer the call. The scammer then impersonates an executive or official and uses social engineering or intimidation tactics to demand payment of money purportedly owed to that organization. Vishing can also include sending out voicemail messages that ask the victim to call back a number; when the victim does so, the victim is tricked into entering his or her personal information or account details.

6. Snowshoeing

In a snowshoeing scheme, attackers attempt to circumvent traditional email spam filters. They do this by pushing out messages via multiple domains and IP addresses, sending out such a low volume of messages that reputation- or volume-based spam filtering technologies can’t recognize and block malicious messages right away. Some of the messages make it to the email inboxes before the filters learn to block them.

Important phishing statistics for 2021

According to IBM’s 2021 Cost of a Data Breach Report, stolen user credentials were the most common attack method for attackers:

• 85% of phishing attempts went after user credentials
• 20% of data breaches started with compromised user credentials
• 82% of users admit they reuse passwords across various accounts

Most popular phishing attack methods

So how are these attacks occurring? Here’s a rundown of the most popular phishing methods employed by cybercriminals.

• 96% of phishing attacks emerged from email 
• 61% of companies deal with phishing attacks via their social media channels
• 65% of targeted attacks focus on spear phishing, often aimed at stealing the credentials of top executives
• 3% of phishing attacks occur through fake websites
• 94% of malware attacks originate from emails sent to victims

How to Protect Yourself from Phishing

Phishing attacks can be prevented by following the below-mentioned steps:
• Scrutinize the emails you receive. Most phishing emails have significant errors like spelling mistakes and format changes from that of legitimate sources.
• Make use of an anti-phishing toolbar.
• Update your passwords regularly.