Top 10 Types Of Phishing Attacks And How Dangerous Their Effects Can Be?

  • According to the FBI’s Internet Crime Complaint Center (IC3), with 241,342 victims, phishing — which includes vishing, SMiShing, and pharming — was the most common threat in the US in 2020. This was followed by identity theft (45,330 victims), extortion (76,741), non-payment/non-delivery (108,869), and personal data breach (45,741). (43,330 victims).
  • According to Google Safe Browsing, there are now over 75 times as many phishing sites as malware sites online.
  1. Risks or a Sense of Urgency: Phishers assume that by reading the email quickly, recipients won’t thoroughly scrutinize the content and won’t detect errors.
  2. Communication Composition: An immediate indication of phishing is when a message uses vulgar language or an offensive tone.
  3. Strange Requests: If an email asks you to behave unusually, that may be a sign that it is harmful.
  4. Language Errors: Spelling and grammatical mistakes are further indicators of phishing texts.
  5. Variations in Web Addresses: One other simple method to spot potential phishing scams is to look for jumbled email addresses, URLs, and domain names.
  6. Interest in obtaining identification, money, or other personal data: Attackers frequently connect to fake login locations that look real by sending messages that look valid.
  1. Spear Phishing — In spear phishing, a specific person inside an organization is targeted to obtain their login information. Before attacking, the attacker frequently learns about the victim, including their name, title, and contact information.
  2. Email Phishing — An email phishing scam aims to fool the receiver into responding with personal information or entering it on a website that the hacker can exploit to steal or sell the recipient’s data. Sony employees’ contact information was stolen by hackers using LinkedIn, who then used it to send phishing emails to those individuals. In addition, they stole over 100 gigabytes of data.
  3. HTTPS Phishing — Sending the target an email with a link to a bogus website is how an HTTPS phishing attack is carried out. The victim could then be tricked into providing their personal information by the website. The hacker collective Scarlet Widow looks for company employees’ emails before using HTTPS phishing to target them. The user clicks on the tiny link in the largely empty email they receive to enter Scarlet Widow’s web for the first step.
  4. Pharming — A pharming attack involves installing malicious code on the victim’s PC. The victim is then taken to a bogus website where this code collects their login information. Pharming costs victims more than $50 million in 2021.
  5. Pop-up Phishing — To trick you into clicking, phishing frequently displays a pop-up message claiming a security issue with your machine or another concern. Users have occasionally seen pop-ups claiming they are eligible for AppleCare renewal, which would give them reportedly more extended protection for their Apple products.
  6. Deceptive Phishing — To let their targets know they are already the victims of a cyberattack, phishers utilize tricky technology to make it appear legitimate business. After that, the users click on a harmful link, which damages their machine. Users were sent emails from the address support@apple.com and had “Apple Support” as the sender. The message claimed that the victim’s Apple ID had been blocked. They were then prompted to validate their accounts by entering information the hacker would use to crack it.
  7. Smishing — Smishing is phishing through a text message or SMS. Hackers pretended to be from American Express and sent text messages to their victims, telling them they needed to tend to their accounts.
  8. Man-in-the-Middle (MTM) Attacks — The hacker gets into “the middle” of two parties and tries to steal information, such as account credentials. In 2017, the famous credit score company Equifax was targeted by man-in-the-middle attacks that victimized users. The hackers intercepted their transmissions as the users accessed their accounts, stealing their login credentials.
  9. Website Spoofing — Using website spoofing, a hacker creates a fake website that appears natural. Then, the attacker gathers your information when you use the site to check in to an account. Hackers made a fake Amazon website that looked nearly identical to the real Amazon.com.
  10. Search Engine Phishing — An attacker creates attractive-looking counterfeit products for search engine phishing attacks. These appear in search results, prompting the user to provide personal data before making a purchase, which is then sent to a hacker. In 2020, Google said they found 25 billion spam pages every day, like the one put up by hackers pretending to be from the travel company Booking.com.

Recent Posts

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Banyan Cloud

Banyan Cloud

The Cloud Native Application Protection Platform built on the Zero Trust & Data Security First principles