Types of phishing scams you should know

One phish, two phish, spear phish, clone phish. Are your employees at risk for falling hook, line, and sinker for a phishing scam?

It’s a big scary world out there when it comes to cybersecurity threats. While cybersecurity companies can help keep your business safe, it’s still important for end users to have some understanding of security themselves to help limit risks.

Phishing is a type of cyber attack where criminals try to obtain personal information like passwords through malicious emails claiming to be from reputable companies. There are many types of phishing including spear phishing, CEO fraud and clone phishing that use social engineering to manipulate victims. According to Forbes, phishing attacks cost American businesses roughly half a billion dollars every year.

We’ve listed some of the most common types of phishing every professional should know about in order to protect their business.

Spear

An email scam targeted at a specific individual, organization or business. This is typically done to steal data, but criminals may also intend to install malware on a targeted user’s computer.

Whaling

Whaling is similar to spear phishing, but often targets someone in a specific role in a company like the CEO, CFO or COO.

Clone

When a phishing email is nearly identical to one sent by a legitimate company but the attachment or the link in the message is malicious. The cloned message is based off a legitimate one that has already been sent to the victim, which tricks them into thinking the clone is authentic.

Vishing

This is phishing over the phone. Criminals are able to trick victims into giving up sensitive information by giving them enough specific details to sound reputable. They could be masquerading as your financial institution, law enforcement or another organization that would have your personal information.

Business Email Compromise

A phishing scam targeting companies that do a lot of business abroad. Attackers trick them into sending a wire transfer by pretending to be one of the company’s vendors or partners.

CEO fraud

A type of phishing and BEC where the emails appear to be from an internal email address impersonating an executive to try trick employees into releasing confidential information or spending wire transfers.

Search Engine

A newer type of phishing, this is where the attackers create a fraudulent website offering an amazing deal and use keywords to get it to rank in a legitimate search engine. This type of phishing is less targeted but very deceptive.

Here are some tips to avoid falling victim to a phishing attack.

Pay close attention to the email address. Fraudsters will use a very similar variation of a legitimate email, so make sure you double check before you click on links, download files or send sensitive information.
Keep a close eye on spelling in those URLs too. Don’t click on anything that looks suspicious or you weren’t expecting that prompt you into entering your username and password.
If you think something in an email looks strange but it appears to be from a source you know, contact the sender directly by phone or a new email to confirm. This goes for phone calls too. Hang up and call the organization back on their listed number before you share important information.
Avoid sharing your personal information on social media. Attackers can gather details about your life such as your birthday or vacation plans and use it to manipulate you.
Invest in training for your staff like KnowBe4 to help them recognize threats.

Unfortunately, this is just the tip of the cyber threat iceberg. There are many more types of malware, phishing scams, and other hacking methods. It’s important to be aware of common threats when using your personal or professional networks. Try taking security awareness training so you can recognize common social engineering tactics. Also, keep an eye on the news (or our social media pages!) to see what threats are currently making headlines.

Interested in improving your cybersecurity plan? We can help.