Types of Phishing attacks & Protection - Infosec Awareness & Roundup

Practically every business in the world is vulnerable to phishing. According to Proofpoint’s 2022 State of the Phish Report, 83% of respondents fell victim to a scam attack last year.

What is Phishing?

Phishing is a digital form of social engineering that uses authentic-looking but bogus e-mails to request information from users or to direct them to a fake website that requests personal and confidential information. A phishing attack aims to trick the recipient into taking the attacker's desired action, such as revealing bank account information, system login credentials, or other sensitive information such as social media credentials.

Below are the basic types of Phishing attacks:

1. Spear Phishing

The first, spear phishing, describes malicious emails sent to a specific person. Criminals who do this will already have some or all of the following information about the victim: name, company name, designation, email address, etc.

2. Whaling

Whaling attacks are even more targeted, taking aim at senior executives. Although the end goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler. Whaling emails also commonly use the pretext of a busy CEO who wants an employee to do them a favor. Such emails might not be as sophisticated as spear phishing emails, but they play on employees’ willingness to follow instructions from their boss.

3. Voice Phishing

Voice phishing, or vishing, is the use of telephony to conduct phishing attacks. Landline telephone services have traditionally been trustworthy: they terminate in physical locations known to the telephone company and are associated with a bill-payer.

4. SMS Phishing

SMS phishing is also known as smishing. It involves criminals sending text messages (the content of which is much the same as with email phishing), whereas vishing involves a telephone conversation. One of the most common smishing pretexts is a message supposedly from your bank alerting you to suspicious activity.

5. Clone Phishing

Clone phishing is a newer type of email-based threat where attackers clone a real email message with attachments and resend it pretending to be the original sender. The attachments are replaced with malware but look like the original documents. Clone phishing is much more difficult to detect than a standard phishing message. In a standard phishing message, the content is usually poorly written and comes from an unknown source. With clone phishing, the user recognizes the message, making it easier for the attacker to trick the recipient.
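
A defender-side check for the clone phishing pattern described above, as an added example that is not part of the original article: it compares an incoming message with an earlier one already in the mailbox and reports when the subject and body match but the sender or the attachment content differ. The function names, addresses and sample messages are constructed for illustration.

```python
import hashlib
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

def fingerprint(raw):
    """Reduce a raw message to the fields a clone keeps or changes."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = " ".join(body.get_content().split()).lower() if body else ""
    return {
        "sender": parseaddr(str(msg["From"]))[1].lower(),
        "subject": " ".join(str(msg["Subject"]).split()).lower(),
        "body": hashlib.sha256(text.encode()).hexdigest(),
        # Hash attachment bytes: a clone keeps the file name, not the content.
        "attachments": {
            part.get_filename(): hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            for part in msg.iter_attachments()
        },
    }

def clone_indicators(original_raw, incoming_raw):
    """Return the differences that matter when incoming copies original."""
    old, new = fingerprint(original_raw), fingerprint(incoming_raw)
    if (old["subject"], old["body"]) != (new["subject"], new["body"]):
        return []  # different message, not a clone of this one
    findings = []
    if old["sender"] != new["sender"]:
        findings.append("sender address changed")
    for name, digest in new["attachments"].items():
        if old["attachments"].get(name) not in (None, digest):
            findings.append(f"attachment {name!r} has different content")
    return findings

def build_sample(sender, payload):
    """Constructed sample message (not real mail) for the demonstration."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "Q3 invoice"
    m.set_content("Hi,\nplease find the invoice attached.\n")
    m.add_attachment(payload, maintype="application", subtype="pdf",
                     filename="invoice.pdf")
    return m.as_string()

ORIGINAL = build_sample("Billing <billing@vendor.example>", b"%PDF-1.4 original")
CLONE = build_sample("Billing <billing@vendor.example>", b"%PDF-1.4 altered")

if __name__ == "__main__":
    print(clone_indicators(ORIGINAL, CLONE))
```

Because the clone can reuse the original sender address, the attachment hash comparison is the signal that still fires when the From header is identical.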

How to protect from phishing attacks

Many cyberattacks start with phishing, but you can trust your inbox again with email security gateways that protect your people and critical information from malware, as well as from malware-free phishing and impersonation attempts. The danger is not the email itself but rather what it gets people to do, such as emails that include malicious links or malware that attackers try to trick you into activating.

Email security automatically scans messages and attachments for sensitive data, with seamless integration of encryption. Multi-rule DLP policies for groups and individual users prevent data loss and protect sensitive information by discovering financials, confidential contents, and health information in all emails and attachments.

More articles by Muhammad Abdullah