Various Types Of Phishing Attacks Defined

Phishing is a cybercrime in which potential victims are contacted via email, telephone or text message by someone posing as a legitimate institution, in order to lure them into providing sensitive information such as usernames, passwords, and banking and credit card details. The information is then used to access important accounts and can result in identity theft and financial loss.

Phishing attacks are growing increasingly sophisticated as attackers put more effort into choosing their victims and launching targeted attacks, according to a recent Emsisoft blog post.

As these targeted techniques become more common, it’s helpful to distinguish between the different types of phishing in order to recognize them in the real world.

Phishing, spear phishing, and whaling are all variations of a type of social engineering attack that falls under the general term “phishing.”

Emsisoft says these are all attacks in which “attackers pretend to be a legitimate entity in order to extract sensitive information from a target,” but they each use a distinctive methodology.

When “phishing” is used to describe a specific type of attack rather than the category under which it falls, it generally refers to widespread messaging campaigns that can target millions of people. Since the messages aren’t targeted, the attacker knows that many of them will be ignored. The size of the sample, however, essentially guarantees that a percentage of people will fall for them. “In this sense, a phishing attack is very much a numbers game,” Emsisoft observes. It’s worth noting, though, that even non-targeted campaigns can be very convincing and successful.

Spear phishing refers to targeted social engineering attacks, in which the attacker identifies a target beforehand and crafts a tailored message using open-source or stolen information about them. These attacks are far more likely to succeed than generic phishing campaigns, although they require more effort on the part of the attacker.

Naturally, attackers who use spear phishing often go after the most valuable targets, which is known as “whaling.” The most valuable targets within organizations are usually high-ranking employees, such as CEOs and CFOs. Whaling attacks are generally sophisticated and multilayered, and can lead to massive financial or data losses.

“Employees across every level of your organization, particularly senior management, and HR and payroll staff, should receive training on how to identify the signs of a phishing or whaling attack,” the blog concludes. New-school security awareness training can give your employees experiential knowledge of these attacks by demonstrating how they play out in the real world.

Emsisoft has the story:

