Last Updated on 1 year by Touhid
Phishing is a type of social engineering attack that attempts to obtain sensitive and confidential information such as usernames, passwords, credit card information and network credentials. In this post, we will discuss different types of phishing attacks and their techniques.
Types of Phishing Attacks
There are different types of phishing attacks, and phishing scammers send phishing emails to victims in order to steal personal information. The types of phishing attacks are deceptive phishing, spear phishing, clone phishing, website phishing, and CEO fraud, which are described below:
1. Deceptive Phishing Attack
Deceptive phishing is the most common type of phishing attack and is also known as traditional phishing. In this technique, an attacker attempts to steal a user’s confidential information or login credentials. The most common forms of deceptive phishing are as follows:
A. Phishing Attack Technique 1: Here, attackers send victims a message that appears to come from one of their trusted service providers, asking them to send personal information through a different portal.
B. Phishing Attack Technique 2: In this technique, the victim receives an email from the attacker that contains a URL. The URL looks almost like a legitimate link but may carry a malware script that collects information without the user’s knowledge.
2. Spear Phishing Attack
Spear phishing is an email-spoofing attack that attempts to gain unauthorized access and steal sensitive information from a specific victim.
Phishing Technique: In this technique, the attacker sends the victim an email or online message that includes personal data such as the victim’s name, role in the company, email address or contact number. The reason for including this information is to gain the victim’s confidence and thereby obtain the information the attacker needs to compromise and access the confidential data they are looking for.
3. CEO Fraud
CEO Fraud or Business Email Compromise (BEC) is a type of spear-phishing email attack in which the attacker impersonates your CEO. The attacker acts as a senior company executive to steal funds or gain access to sensitive business data. The most common form of CEO fraud is as follows:
Phishing Technique: The attacker uses the name of your CEO but a different email address. The attacker tricks you into transferring money to a bank account owned by the attacker, or into sending confidential or other sensitive information.
In the case of CEO fraud phishing, the attackers target a company’s finance department.
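The "CEO's name but a different email address" pattern can be checked mechanically on inbound mail. The following is an added example, not part of the original post; the executive directory, corporate domain and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import unicodedata

# Assumed directory (constructed): executive display name -> real address.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
CORPORATE_DOMAINS = {"example.com"}

def normalize(name):
    """Fold case, accents, punctuation and spacing so 'JANE  Doe' still matches."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    cleaned = "".join(ch if ch.isalnum() else " " for ch in folded.lower())
    return " ".join(cleaned.split())

def check_ceo_fraud(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    # RFC 2047 encoded display names are not decoded in this example.
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    domain = address.rpartition("@")[2]
    expected = EXECUTIVES.get(normalize(display))
    findings = []
    if expected and address != expected:
        findings.append(f"display name '{display}' belongs to {expected}, "
                        f"but the mail was sent from {address}")
        if domain not in CORPORATE_DOMAINS:
            findings.append(f"sender domain {domain} is external")
    # A Reply-To that differs from the executive's address diverts the answer.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if expected and reply_to and reply_to.lower() != expected:
        findings.append(f"Reply-To {reply_to.lower()} is not {expected}")
    return findings

# Constructed sample messages.
SPOOFED = ('From: "Jane Doe" <jane.doe@example-mail.test>\n'
           "Reply-To: payments@example-mail.test\n"
           "Subject: Urgent wire transfer\n\nPlease pay today.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Q3 numbers\n\nSee attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_ceo_fraud(raw))
```

Messages that produce findings are candidates for a warning banner or quarantine, especially when addressed to the finance department.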
4. Clone Phishing Attack
Clone phishing is a type of phishing attack where a hacker copies a legitimate, previously delivered email. This type of phishing creates an almost identical, or cloned, email that appears to be sent from a trusted organization.
Phishing Technique: The attacker sends the victim an email that appears to come from the original sender, but the attachment or link within the email is replaced with one that leads to a fake or malicious website.
5. Pharming
Pharming is a phishing scam where an attacker installs malicious code on a personal computer or server to redirect a website’s traffic to another, fake site without the user’s consent. It aims to obtain personal information such as bank accounts, credit card numbers, login credentials, or other valuable information.
Phishing Technique: In a pharming attack, the attacker changes the hosts file on a victim’s computer or the domain name system (DNS). When a URL is requested, a false address is returned, and the victim is taken to a fake website.
6. Whaling
Whaling is a common type of phishing attack: a targeted attempt to steal sensitive information from a company, such as financial information or personal information about employees.
Phishing Technique: This type of attack generally targets senior management who hold power in companies, such as the CEO, CFO, or other executives who have complete access to sensitive data.
7. Website Phishing
A phishing website is a cyber-attack that tries to steal your sensitive information, such as login credentials or other confidential information. Website phishing tricks you into believing you’re on a legitimate website.
8. Malware Phishing
In malware phishing, the attacker introduces malware through the email account or a link directing to a malicious site.
Phishing Technique: Malware is automatically downloaded to the victim’s computer and exploits security vulnerabilities when the victim accesses the malicious site.
Finally, we have discussed the different types of phishing attacks and their techniques. Hope the article will be helpful for you!