Phishing is a type of social engineering attack that attempts to obtain sensitive and confidential information such as usernames, passwords, credit card information and network credentials. There are different types of phishing attacks, and the attacker sends phishing emails to the victim’s email address in order to steal personal information.
Types of phishing attacks
The types of phishing attacks include deceptive phishing, spear phishing, clone phishing, website phishing, and CEO fraud, which are described below:
1. Deceptive phishing
Deceptive phishing is the most common type of phishing technique and is also known as traditional phishing. In this technique, an attacker attempts to steal a user’s confidential information or login credentials. The most common forms of deceptive phishing are as follows:
Phishing Technique 1: The attacker sends the victim a message that appears to come from one of the victim’s trusted service providers and asks the victim to send personal information through a different portal.
Phishing Technique 2: The victim receives an email from the attacker that contains a URL link. The URL closely resembles a legitimate link, or the site is legitimate but has a serious vulnerability or a malware script that collects personal information without the user’s knowledge.
2. Spear phishing
Spear phishing is an email-spoofing attack that attempts to gain unauthorized access and steal sensitive information, such as account credentials or financial information, from a specific victim.
Phishing Technique: The attacker sends an email or online message to the victim and includes some personal data, such as the victim’s name, role in the company, email address or contact number. This information is included to gain the victim’s confidence and thereby obtain what the attacker needs to compromise and access the confidential data they are looking for.
3. CEO Fraud
CEO Fraud, or Business Email Compromise (BEC), is a type of spear-phishing email attack in which the attacker impersonates your CEO. The attacker acts as a senior company executive to steal funds or gain access to sensitive business data. The most common form of CEO fraud is as follows:
Phishing Technique: The attacker uses the name of your CEO but a different email address. The attacker tricks you into transferring money to a bank account owned by the attacker, or into sending confidential or other sensitive information.
In the case of CEO fraud phishing, the attackers target a company’s finance department.
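The mismatch described above (the CEO’s name paired with a different email address) can be checked on inbound mail. The following is an added example, not part of the original article; the executive directory, the addresses and the sample messages are constructed assumptions.

```python
import unicodedata
from email import message_from_string, policy

# Assumed directory of executives and the only addresses they send from (constructed values).
EXECUTIVES = {"Jane Doe": {"jane.doe@example.com"}}

def normalize(name):
    """Reduce a display name to a comparable key: 'DOE,  Jane' -> 'jane doe'."""
    name = unicodedata.normalize("NFKC", name)  # fold full-width and similar compatibility forms
    if "," in name:  # "Last, First" directory style
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    return " ".join(name.casefold().split())

KNOWN = {normalize(n): {a.lower() for a in addrs} for n, addrs in EXECUTIVES.items()}

def check_sender(raw_message):
    """Return a finding if the From display name is an executive's name
    paired with an address that executive does not use, else None."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None:
        return None
    for sender in header.addresses:  # policy.default also decodes RFC 2047 encoded names
        key = normalize(sender.display_name)
        if key in KNOWN and sender.addr_spec.lower() not in KNOWN[key]:
            return f"'{sender.display_name}' sent from unlisted address {sender.addr_spec}"
    return None

# Constructed sample messages (only the From header matters here).
GENUINE = "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 review\n\nSee agenda."
SPOOFED = 'From: "DOE, Jane" <jane.doe@example.net>\nSubject: Urgent transfer\n\nPlease pay today.'
UNRELATED = "From: Sam Lee <sam.lee@example.org>\nSubject: Lunch\n\nNoon?"

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("unrelated", UNRELATED)]:
        print(label, "->", check_sender(raw) or "no finding")
```

A finding from this check is a signal for review, since a colleague who shares the executive’s name would also match.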
4. Clone phishing
Clone phishing is a type of phishing attack where a hacker copies a legitimate, previously delivered email sent from a trusted organization and uses it to create an almost identical, or cloned, email.
Phishing Technique: The attacker sends an email to the victim that appears to come from the original sender, but the attachment or link within the email is replaced with one pointing to a fake or malicious website.
5. Pharming
Pharming is a phishing scam where an attacker installs malicious code on a personal computer or server to redirect a website’s traffic to another, fake site without the user’s consent. Its aim is to gain personal information such as bank account details, credit card numbers, login credentials, or other valuable information.
Phishing Technique: In a pharming attack, the attacker changes the hosts file on a victim’s computer or its domain name system (DNS). When a URL is requested, a false address is returned, and the victim is taken to a fake website.
6. Whaling
A whaling phishing attack is a common type of targeted phishing attack that attempts to steal sensitive information from a company, such as financial information or personal information about employees.
Phishing Technique: This type of attack generally targets senior managers who hold power in companies, such as the CEO, CFO, or other executives who have complete access to sensitive data.
7. Website Phishing
Website phishing is a cyber-attack that tries to steal your sensitive information, such as login credentials or other confidential information, by tricking you into believing you’re on a legitimate website.
8. Malware Phishing
Malware-based phishing refers to scams in which the attacker introduces malware via the email account or a link directing to a malicious site.
Phishing Technique: When the victim accesses one of these malicious sites, malware is automatically downloaded to the victim’s computer and exploits security vulnerabilities.