As our society has become more technology-focused, phishing attacks have become more frequent. Whether hacking into people’s emails or stealing personal information, these attacks are increasing yearly, with almost every person or company receiving a suspicious email at one point or another. As phishing has become more common, there has been a notable trend in the types of phishing attacks hackers frequently use. Below is a list of phishing attack trends for you to be aware of to protect yourself in the future.
1. Email Phishing
Email phishing is one of the most common phishing attack trends, as hackers can easily create new email addresses and send automated emails to anyone. These emails may include suspicious attachments or request payment information for credit card numbers and bank account information. The hacker’s goal is to get you to reveal personal information in an attempt to steal your identity and your money. As scary as it seems, these emails can look legitimate.
2. Spear Phishing
Spear phishing goes after a specific person, company department, or individual in an organization. The hacker specifically targets a person or group by performing detailed research to construct a personalized message that seems like it’s coming from a legitimate and trustworthy source. The hacker’s goal is to steal personal information or company login credentials, get the user or department to send over money, and infect the user’s device with malware.
3. Whaling
As innocent as the word whaling may seem, it’s actually an extremely dangerous type of phishing attack. Whaling, also known as CEO Fraud, is a more targeted attack towards senior and C-level executives. Senior management has access to high-privilege account permissions on the network that may expose confidential and financial information, including the company’s employee payroll. Whaling uses the same tactic as spear phishing, but the hacker impersonates a Chief Executive or other high-ranking executive of the company to gain more information on sensitive data and access to company bank accounts, which could result in a loss of a serious amount of money.
4. Invoice Phishing
Invoice phishing is an email scam where hackers send bills for services or goods that you might have never ordered or received. This scam is often overlooked as people don’t double-check their invoices. The invoice generally comes as a PDF attachment, usually for an amount under $1,000 so as not to raise suspicion.
The attachment contains a unique ID and phone number so that if there’s a problem the victim could call in with a question or cancel a payment. If they call the number, they are connected to a call center that is a part of the scam and the operator on the call can then identify the company by asking for the ID number. The operator then takes the victim through steps to download and run remote access software on their computer to cancel the payment.
Once the victim downloads the software, the attacker then has access to download and install a remote administration tool, which allows them access to sensitive files. After the attacker successfully steals the data, he or she sends another email demanding an extortion payment with a threat to release the sensitive information if the payment is not made. The amount of money may be hundreds of thousands of dollars that you may not be able to pay, leading to a company data breach.
5. Smishing
Smishing (SMS phishing) is a type of phishing attack that is carried out over text messages. Most text messages come with a harmful link that the attacker tries to trick the recipient into clicking. The text message usually claims that the recipient won a prize and that, in order to claim the prize, they need to click the link. The website link may impersonate a legitimate website, but in reality the website is trying to steal your credentials and make you download a malicious app. It’s important to remember that reputable companies will never directly contact you over text message to gain access to sensitive information.