The digital landscape is growing at such a rapid pace that it is getting harder for consumers to traverse it safely and easier for cybercriminals to lay traps. Consumers must now go through a checklist just to make sure that they are on the real website or have received an email from a reputable source. Worldwide, 150 million phishing emails are sent out daily, and there are 75 times as many phishing sites as malware sites.
So, what is a phishing attack? A phishing attack is when someone poses as a reputable or trustworthy source to get you to click on a link or divulge sensitive information about yourself. There are six different types of phishing attacks that cybercriminals can deploy on unsuspecting users: spear phishing, Microsoft 365 phishing, business email compromise (BEC), whaling, social media phishing, and voice phishing.
Spear phishing is a type of phishing that targets specific people rather than a wide group, in order to personalize the attack and make it look more authentic to the victim. This type of attack is generally used as the first step in breaking through an organization's defenses, with 95% of successful attacks on organizations carried out through spear phishing.
Microsoft 365 phishing is where attackers send fake emails that appear to come from Microsoft, telling the victim that they have been logged out and need to log back in, or that there is an issue with the account, in order to gain access to that account. It is one of the most common phishing attacks because it is relatively simple to carry out, and it is generally accompanied by a URL enticing the user to fix the issue promptly.
Business Email Compromise (BEC) is a carefully planned out and researched attack where the perpetrators gather information about the person or business in order to impersonate an executive or business supplier. With the increased use of social media and social engineering, it has become easier for attackers to gain personally identifiable information in order to execute this form of attack.
Whaling is when attackers specifically go after an important person or high-level executive in an organization in order to gain login credentials. This is extremely dangerous for a company because people with this clearance level have access to important and sensitive company information.
Social Media phishing is when an attacker thoroughly researches their target on social media in order to tailor the attack to look more official or real. Since social media usage is only increasing with technological advancements, people are going to have to be more cautious with what information they share with others online to avoid being targeted.
Voice phishing is where an attacker uses social engineering to make a fraudulent call that seems reputable in order to gain login credentials. Newer employees are more vulnerable to these attacks as they are still getting used to the company and how it is set up.
The ways that attackers engineer phishing to their advantage are ever evolving, so it is important to know how to protect yourself and/or your company at every turn while navigating the World Wide Web. Luckily, even if you or your company are the targets of such attacks, digital forensics can help you regain a sense of security and prosecute those responsible in a court of law.