In the world of phishing there are many “phishing” techniques in the sea! We could continue to show different forms of phishing that use different tactics to get you to react; however, all good things must come to an end! Here in Part 7, I want to review some of the most common types of phishing.
Phishing is one of the oldest techniques around and is not going anywhere! You really are just one click away from an extremely expensive mistake. Knowing what phishing looks like can help protect you from becoming a victim!
Let’s take one last look!
Email Phishing
In an email phishing attack, a threat actor sends you an email that looks legitimate, aimed at tricking you into sharing personal and/or financial information in a reply to them. Oftentimes social engineering (use of emotions) is used to get you to react quickly, without thinking. Links can also be used to get you to “click.” Afterward, you are redirected to a malicious site used to steal your personal/financial information. Threat actors either use or sell your information for later attacks.
Vishing
Voice phishing, or vishing, is performed over the phone using a voice call. This can occur over a landline, a cellular connection, a Voice over Internet Protocol (VoIP) system (calls over the internet), or by voicemail. Threat actors may “bait” you by creating a sense of emergency or making unrealistic promises to appeal to your sense of curiosity or emotion. Once they have your attention, they trick you into giving up confidential information to them over the phone.
Threat actors often provide limited details about your accounts, such as your email address or phone number, while they “phish” for the rest of the details. In this way, vishing is a social engineering attack: attackers use your emotions to coerce you into doing something you would not otherwise do.
Smishing
SMS phishing, or smishing, uses social engineering and fake mobile text messages to trick you into giving your personal or financial information to a threat actor. Likewise, a malicious application that you are tricked into downloading can also be used to gather information. Threat actors often use a tactic called “spoofing,” in which they impersonate a legitimate business or a person you may know, such as a child or a friend. Unfortunately, they also pose as authorized people or organizations such as government workers, a bank, another financial institution, or even your post office.
A smishing text may also contain a link that redirects you to a site that looks legitimate. However, once you enter your personal information, the attacker steals it and either uses the information or sells it to someone who seeks to abuse your personal and financial information.
Pop-up Phishing
Pop-up phishing involves fake messages that “pop up” when surfing the web, whether you are playing games, watching videos, or scrolling your favorite social media account. Oftentimes threat actors “infect” legitimate websites or applications with malicious code (program instructions) that causes these pop-up messages to appear when you visit them.
Threat actors use social engineering to alarm you by presenting URGENT matters! The goal is to “trick” you into clicking the pop-up so they can steal your personal/financial information or get you to download malicious files that give them control of your device.
Angler Phishing
Angler phishing attacks take place almost entirely on social media platforms. Threat actors use notifications, direct messages, or fake social media posts to lure you into acting. Commonly, impersonated accounts, such as bank customer representative accounts on Facebook, Twitter, SMS, WhatsApp, etc., are used to steal login information, get you to download malware, or even get you to pay for fake services/applications.
Targeted attacks regularly use information you willingly post on social media, such as names, birthdays, vacations, or dissatisfaction with a company or recent purchases. The latest and fastest growing attack uses social media “spoof” sites to draw you into providing sensitive information. Similarly, threat actors can engage in brand spoofing (impersonating trusted brands). Frequently, “brand spoofing” phishing attacks use all forms of communication: email (phishing), voice (vishing), text (smishing), and social media messaging (angler phishing).
Man-in-the-Middle Attack
A man-in-the-middle (MitM) attack is a type of phishing attack in which threat actors sit on the same “shared” network and use tools to secretly “eavesdrop,” intercept, and capture data going from your computer to the internet. They can also “spoof” messages between two parties who believe they are communicating directly with each other. A man-in-the-middle attack can also make it possible to bypass your machine’s security and copy files off your computer.
The threat actor gets in “the middle” between you and, let’s say, your bank’s website or application. Threat actors can then read, block, or modify (“spoof”) the information exchanged, such as your account usernames and passwords. Stolen information is later decoded, and a hunt to gain access to more sensitive information begins.
About IoT devices
Internet of Things (IoT) devices are, simply said, small devices that connect to the internet but do not get regular updates, such as thermostats, car alarms, or surveillance cameras. They are popular targets for man-in-the-middle attacks. Rapid growth, lack of updating, lack of security, and their potential to deliver a massive amount of personally identifiable information (PII) make “hijacking” their traffic an appealing prospect for threat actors.
In conclusion
All phishing is designed to “trick” you into supplying your usernames, passwords, or bank account information, or simply to gain access to your system to gather information. Whether it be by email, voice calls, text messages, pop-ups, social media accounts, or sitting in between you and an application or site, phishing requires you to click on a link. Sometimes the link takes you to a fake website, and other times it executes a hidden downloaded application! Social engineering is often used to alarm and “trick” you into clicking or responding. These forms of attacks are widespread and dangerous!
Questions or concerns about phishing? Contact us! We want to help!