Deceptive Phishing
Characteristics of deceptive phishing:
- Most prevalent among all types of phishing.
- Emails appear to originate from a recognized sender.
- Steals data by impersonating a genuine provider.
In this type of phishing, the cybercriminals impersonate a legitimate provider to steal personal information such as credit card details or login credentials of financial institutions. One example of such deceptive phishing is that of PayPal scammers.
Hackers send out emails to recipients to click on a link to ‘rectify specific discrepancy’ in their accounts. However, the link directs the recipients to a fake PayPal Login Page that the hacker uses to steal info. As a user, one should verify all the URLs carefully and look for spelling mistakes, grammatical errors, or generic salutations, and be vigilant to tackle such phishing attempts.
Spear Phishing
Characteristics of spear phishing:
- Commonly observed on social media sites.
- The email looks like it originates from a known sender.
- Uses personalized info about the target.
As the name suggests, spear phishing is targeted-phishing. The hacker collects the target’s name, email id, organization details, work phone number, and other crucial information. The objective is to trick the target into believing that they have a connection with the sender. The hacker aims to trick the target into clicking on a spurious link or download a malicious attachment through which he/she attempts to steal personal information. One can observe such spear-phishing in social media sites like LinkedIn, where it is easy to collect information and craft a targeted attack email.
The best phishing protection methods to employ to guard against spear-phishing are:
-
Train your employees to identify phishing attempts
- Be careful when sharing sensitive private information with people
- An automated email-analyzing solution to identify such phishing emails is the best investment to make.
CEO Fraud
Characteristics of CEO Frauds:
- It usually targets top-level executives.
- The objective is to authorize fraudulent financial transactions.
- Obtain crucial tax info on all employees.
The modus operandi of the cybercriminals is simple in this type of phishing attack. They try to get hold of the login details of a top enterprise executive. In doing so, the hackers impersonate the CEO or high-ranking official to authorize the financial transactions of the business organization. The criminals also use the same email account to request the taxation or W-2 information of all employees. This information has a high demand on the dark web.
Usually, you do not see high-ranking officials or CEOs participating in the employee phishing awareness programs. Hence, it becomes easy for hackers to target this exclusive group. Here are some phishing protection methods to counter such threats.
- Ensure that the top-ranked executives take part in phishing awareness training programs so that they do not become vulnerable targets.
- Make sure that the business organization adopts multi-level authentication for authorizing financial transactions.
Pharming
As a result of business organizations adopting phishing awareness programs and the like, the awareness levels of the employees are now high. Hence, it has become challenging for cybercriminals to choose the traditional phishing scams. Therefore, they resort to a new type of phishing known as pharming.
Characteristics of pharming:
- Redirect the victim to a malicious website.
- Change the IP address associated with a specific website.
- Leverage cache-poisoning against DNS servers.
The Internet uses the Domain Name System to convert alphabetical websites to a numerical form to locate and direct visitors easily. The DNS cache poisoning attack entails the hacker targeting a DNS server and changes the IP address associated with the alphabetical name of the website. Thus, the cybercriminal redirects users to a malicious website of their choice. The problem with pharming is that the victim experiences the same issue even when he/she enters the correct site name instead of clicking on the link.
The phishing protection methods to handle pharming are:
- Use only HTTPS-protected websites as far as possible.
- Have an updated anti-virus software solution installed on your computer networks.
- Ensure to update your security patches regularly.
We have discussed four innovative methods of phishing adopted by cybercriminals all over the world and examined the phishing protection methods that one should use to tackle such phishing attempts. Ultimately, it boils down to two aspects:
- Have up to date security systems installed on your computers.
-
Increase your awareness levels and be vigilant at all times.
These are the most straightforward phishing protection methods you can employ at all times.