8 Types of Phishing Attacks Everyone Should Know About

There is hardly anyone who has never heard the words "virus" and "Trojan". These threats are a serious danger to PC users, but they are not the only ones. There are many others, including phishing.

Phishing is a method Internet fraudsters use to obtain the information they need. It is closely related to social engineering: it relies not only on technology but also on psychological pressure on the victim. Phishers do not hesitate to play on weaknesses such as fear, greed, curiosity and jealousy. Most often their goal is to trick the victim out of payment or bank details and then take other people's money.

Phishing fraud originated in the 1980s, and its heyday came at the beginning of 2010. According to a study by the IT organization Barracuda, in the last year phishing got a second wind: the COVID-19 pandemic provoked a 667% increase in attacks from January to March 2020. There is a more disturbing figure still: a survey conducted by Intel shows that 97% of people are unable to recognize a phishing email.

To avoid becoming a victim, you need to know what methods attackers have in their arsenal. Below are 8 different types of phishing that thousands of people fall for every day.

1. E-mail phishing

The most common, yet very primitive, type of attack arrives through the mailbox. It is not aimed at a particular person. As a rule, fraudsters send the same message to thousands of users in the hope that at least some of them will go to a fake site, download a malicious file or follow other instructions.

Since this type of fraud is not personalized, the message uses generic greetings such as "Dear account owner" or "Dear program member". Alarming words like "urgently", "immediately" and "blocked" are meant to unsettle the user, while promises of winnings lull vigilance.

A popular technique is to frighten the user with a claim that their account has been hacked and urgent action is needed. At first glance the sender seems to be a real organization you have dealt with, or a site where you are registered. But hover the mouse over the link in the message and the real destination appears at the bottom of the browser window. The two will be very different.

2. Targeted phishing (spear phishing)

Unlike the previous type, this kind of fraud is more sophisticated and advanced. Its target is a specific person or group of people. It is often used by well-known hackers to break into organizations.

Targeted phishing is preceded by preparation. The attackers collect information about the victim, their past and their social circle so that the message looks as personal and plausible as possible. That is why most victims of targeted phishing do not immediately realize they are being conned.

But in most cases the attack can be spotted. If you receive an unusual request by email from a familiar contact (vote via a link, download something), it should immediately raise suspicion. Before downloading any attachment or clicking a link, compare the sender's address with the address you normally use to correspond with this contact. Finally, a phone call will settle the matter: it will confirm whether your acquaintance really sent the request or fraudsters are acting in their name.

3. Whaling

Whaling is also a sophisticated and cunning technique. It differs from the previous ones in that it targets high-ranking people: executives, directors, officials and other "whales" of business and politics.

The greeting in the message is usually personal, addressing the victim by name, and the message itself may be styled as a summons, a legal complaint or something else that demands an urgent response.

Attackers spend a lot of time studying the person in depth and composing a plausible message. The victims are often key members of organizations who have access to confidential information or the company's financial reserves.

During the attack the person receives a link to a skilfully crafted site where a form has to be filled in. The logins, passwords and access codes entered there fall into the attackers' hands and are later used for illegal enrichment. Sometimes the text in the message is shown only in part, and the victim is asked to download an attachment to view the rest. As you can guess, downloading this attachment launches malicious code that strips the computer of its protection.

4. Vishing

Vishing (or voice phishing, Voice + Phishing = Vishing) has become relevant recently. It is based not on correspondence but on phone calls. As a rule, attackers pose as employees of financial organizations and try to obtain the login details for someone else's account or bank card information.

The caller tries to throw the victim off balance with news of overdue taxes. Sometimes fraudsters pretend to be technical staff and request remote access to the computer to fix some "problem" with the account. In some cases pre-recorded phrases are used instead of a live conversation, and the phone number is spoofed so that it looks like a local one. Scammers literally bombard the victim with words, leaving no time for logical reflection. Those who take the vishers' bait more often than others are members of the older generation, people unfamiliar with technology, and the gullible or simply impressionable.

Cybersecurity experts warn that disclosing confidential information such as account passwords, passport data or payment details is extremely dangerous. To find out for certain whether there really is a problem with your financial account, hang up and dial the bank's number printed on the card. That way you are guaranteed to reach official representatives of the bank.

5. Smishing

Smishing is a scam carried out through text messages in messengers or SMS. The principle has already been described: the person receives a link to a fake site where they are asked to enter valuable information.

In some cases hackers try to play on greed: the message says you have won a prize, but until you enter the required data, hourly account service fees will be withheld from the amount won.

To avoid getting caught, simply do not open messages from unknown senders and never follow the links, however much curiosity may be tearing at you.

6. Angler phishing

The relatively new tactic of angler phishing (named after the anglerfish, or "sea devil") is carried out through social networks. Fraudsters look for people who post messages or reviews about services and contact them posing as customer support.

In practice it looks like this. Suppose you have published an indignant post on your account about a delayed transfer, rude treatment by staff or something else that points to poor service quality, and the organization's name was explicitly mentioned. Keep in mind: if a representative of that organization contacts you soon afterwards, it may well be a fraud.

The attack begins with a private message on the social network. You will be asked to follow a link to discuss the problem with the support service, and then to provide confidential information to confirm your identity.

When you receive such messages, the right move is to contact the support service through secure channels: the official website, or official accounts on Twitter or Instagram that carry the badge showing that the account owner's identity has been verified.

7. CEO phishing

Almost the same as whaling, only in this case company executives and managers become the victims. The method is particularly sophisticated, since the attacker does not merely trick people out of confidential information but also poses as a high-ranking person. Pretending to be someone from management, the attacker sends a subordinate an email asking them to transfer money or send important data.

The attack is usually aimed at a particular employee authorized to make money transfers, or at people with access to internal information. The message is written so that the victim has no doubt that urgent action is needed: it matches the style of communication adopted in the company and addresses the victim personally.

8. Search phishing

One of the newest types of phishing attack involves search engines. First, fraudsters create an online store with free goods, discounts and promotions, or a site offering jobs and services. Then search engine optimization techniques are used so that the site is indexed and appears in search results for the relevant query. The victim, tempted by a good deal, tries to place an order and enters data that goes straight into the hands of unscrupulous people.

Some fraudsters who practice search phishing are real experts in attracting traffic and manipulating search algorithms.

How to avoid taking the bait?

In fact, there is no need to learn every kind of phishing and its distinguishing nuances. It is far more important to understand what fraudulent sites and messages look like and what tricks attackers can use to get to you.

Do not ignore cybersecurity news. Both print and online publications periodically publish information about current types of scams and how to recognize and avoid them.

Stay vigilant. Do not forget that the Internet is full of people who would not mind enriching themselves at someone else's expense. If you work for a large organization, you need extra caution in online communication: you can become the bridge over which fraudsters get inside the company.

Any request made over the Internet (especially from familiar contacts!) must be double-checked before you act on it.

Attackers like to play on feelings, using fear and panic and provoking curiosity and jealousy to push users into certain actions. When faced with a direct threat, the first thing to do is calm down and think through a plan of action. And when it comes to tempting offers, the first thing that should come to mind is that the only free cheese is in a mousetrap. In our digital world this is more relevant than ever.