Types of phishing scams you should know
One phish, two phish, spear phish, clone phish. Are your employees at risk for falling hook, line, and sinker for a phishing scam?
It’s a big scary world out there when it comes to cybersecurity threats. While cybersecurity companies can help keep your business safe, it’s still important for end users to have some understanding of security themselves to help limit risks.
Phishing is a type of cyber attack where criminals try to obtain personal information like passwords through malicious emails claiming to be from reputable companies. There are many types of phishing including spear phishing, CEO fraud and clone phishing that use social engineering to manipulate victims. According to Forbes, phishing attacks cost American businesses roughly half a billion dollars every year.
We’ve listed some of the most common types of phishing every professional should know about in order to protect their business.
Spear
An email scam targeted at a specific individual, organization or business. This is typically done to steal data, but criminals may also intend to install malware on a targeted user’s computer.
Whaling
Whaling is similar to spear phishing, but often targets someone in a specific role in a company like the CEO, CFO or COO.
Clone
When a phishing email is nearly identical to one sent by a legitimate company but the attachment or the link in the message is malicious. The cloned message is based off a legitimate one that has already been sent to the victim, which tricks them into thinking the clone is authentic.
Vishing
This is phishing over the phone. Criminals are able to trick victims into giving up sensitive information by giving them enough specific details to sound reputable. They could be masquerading as your financial institution, law enforcement or another organization that would have your personal information.
Business Email Compromise
A phishing scam targeting companies that do a lot of business abroad. Attackers trick them into sending a wire transfer by pretending to be one of the company’s vendors or partners.
CEO fraud
A type of phishing and BEC where the emails appear to be from an internal email address impersonating an executive to try trick employees into releasing confidential information or spending wire transfers.
Search Engine
A newer type of phishing, this is where the attackers create a fraudulent website offering an amazing deal and use keywords to get it to rank in a legitimate search engine. This type of phishing is less targeted but very deceptive.