HFTTF Girişim Zirvesi

Son Haberler

İzmir Bilişim Zirvesi 2015’e Katıldık
ODTÜ Android Geliştirici Günlerine Katıldık
kiralık bahis sitesi fiyatları
bahis sitesi kiralama
THE 7 MOST ESSENTIAL SECURITY AWARENESS TRAINING TOPICS FOR 2021
Oltalama Saldırıları Şirketler İçin Ne Anlama Geliyor?
Websitenizin Güvende Olduğundan Nasıl Emin Olabilirsiniz?
WHAT SHOULD YOU DO IF YOU ARE A VICTIM OF A PHISHING ATTACK?
WHAT TO DO IF YOU RECEIVE A PHISHING EMAIL?
Etkili Oltalama Eğitimi İçin Gerekli Adımlar
Önemli Oltalama Türleri ve Tespit Yöntemleri
EMAIL SECURITY SOLUTIONS
Fidye Yazılımı ve Oltalama 2021’de de Artışta Olacak
E-posta Güvenlik Yazılımı Seçerken Nelere Bakılmalı?
Şu an buradasınız: Ana Sayfa / Genel / PHISHING SECURITY AWARENESS TRAINING: 15 TYPES OF PHISHING ATTACKS YOU SHOULD KNOW IN 2020
Genel

PHISHING SECURITY AWARENESS TRAINING: 15 TYPES OF PHISHING ATTACKS YOU SHOULD KNOW IN 2020

24 Ocak 2021 By 0 1

Phishing Security Awareness Training: 15 Types of Phishing Attacks You Should Know in 2020

2020 was an important year regarding cyberattacks that brought losses resulting in hundreds of millions of dollars globally. It has been important for companies to assess and detect cyber risks regarding phishing. 

According to our phishing statistics, a phishing attack does not just focus on obtaining information; it can also be used to spread malicious programs, like ransomware. Also, email attachments are still the primary method of delivery for malicious software. Also, 97% of users cannot identify a sophisticated phishing email. 

In this blog, we will illustrate 15 types of phishing attacks you should know in 2020.

1. Email Phishing

Email phishing is the common phishing emails that are intended to impersonate a genuine organization but won’t target a particular person or organization. Usually, criminals send out generic emails to millions of emails and expect some naive users to click on fake the link, download the malicious.

They usually aren’t prepared for particular persons, so criminals use general salutations like “Dear” or “Hi”.  Sometimes, they use panic or fear using words like ‘URGENT’ to urge users to click on the fake link or download the malicious attachment.  

2. Spear Phishing

Spear phishing occurs when criminals send phishing emails to specific and well-known targets while implying to be a legitimate sender. Using spear-phishing attacks, criminals can infect devices with malware or persuade targets to hand over sensitive data or money. 

Spear phishing is different from standard email phishing since criminals create advanced and more sophisticated phishing campaigns to penetrate to target organization or system.

3. Whaling

Whaling is another malicious, mischievous member of the phishing family using a more targeted version of spear-phishing focusing more on a special person, usually a high-ranking C-suite managers like a CFO or CEO. The aim of whaling can change from high-value money transfers to trade secrets. Since the target is a high profile representative, the term whaling indicates the target’s high value.

4. Baiting

Baiting is Phishing’s deceptive cousin that includes luring an unsuspecting victim using a highly attractive offer playing on anxiety, fear, greed, and temptation to make them part with their sensitive personal data like account details. 

Through fraudulent and fake ways to capture confidential, personal details such as a password or banking information such as a PIN, they can access your business networks and systems to install malware that executes ransomware.

5. Watering Hole Attacks

Watering Hole attack is a phishing technique where cybercriminals find and follow a particular organization or company’s favored websites and then they attempt to contaminate these websites using malicious code. Then an unsuspecting user will fall victim through one of these infected links like downloads, etc.. Cybercriminals may also choose to attack specific IP addresses to reveal particular data they are looking for, making attacks harder to identify and take preemptive action against it. 

6. Tailgating

Tailgating, also piggybacking, is a popular social engineering attack method, a physical rather than virtual cyber-attack where an unauthorized person accesses a restricted area of an organization or a building to execute a cybercrime like stealing confidential information.

7. SMS phishing

Smishing, or SMS phishing, occurs when a hacker sends text message fraud instead of the phishing email to a target to entice them to hand over their sensitive data or install malware. Generally, the text messages contain a fake link to a phony website that looks really like the legitimate site, asks the recipient to submit their credentials.

8. Vishing

Vishing, or Voice phishing, occurs when a hacker calls the target victims instead of sending the phishing email or SMS, attempts to lure victims into giving up sensitive data over the phone. Generally, criminals manipulate human emotions, like fear, compassion, and desire, and entice them to hand over their sensitive data or money. 

9 . Ad Phishing

Ad Phishing or ad fraud occurs when criminals attempt to cheat digital advertising networks for financial gain, generally using bots to carry out ad fraud.

Some types of ad phishing are as follows:

  • Hidden ads
  • Click hijacking
  • Fake app installation
  • Botnet ad fraud

11. Business Email Compromise (BEC)

Business Email Compromise (BEC)  is an important threat to email security that occurs when criminals target companies that conduct wire transfers and have suppliers abroad. Email accounts belonging to executives or high-level employees related to finance or who are involved with online payments are either spoofed or compromised through malware like keyloggers or phishing attacks, and fraudulent transfers are carried out to steal that money.

12. CEO Fraud

CEO Fraud occurs when criminals target companies impersonating the CEO. Itis a type of spear-phishing attack where criminals aim to lure the victims into sending money to their bank account or handing over sensitive information.

13. Clone Phishing

A clone phishing attack occurs when criminals target companies using copies a real email or cloning a genuine email message that is sent from a legitimate organization. The criminals reconstruct the email by replacing the real link with a fake one or adding extra fake links that redirect to their malicious websites.

 

14. Search Engine Phishing

Search engine phishing occurs when cyber criminals use and manipulate online website search engines. While making a search on online search engines, the victims may see messages that manipulate them to visit the malicious website. The search process is totally legitimate, but the website appeared is actually fake and designed to steal the victims’ data or money.

15. Website Spoofing

Website spoofing is a phishing technique that criminals generate a fake website to trick victims that the website is real and legitimate. Usually, the spoofed website has the same design as the target website and possesses a similar URL to deceive victims. 

Phishing Security Solutions

“This post is originally published at www.keepnetlabs.com”

RSS Teknoloji Haberleri