8 Popular Phishing Attack Types in 2020 – In this blog, we are going to talk about what are 8 popular phishing attack types you’ll possibly face in 2020 and how to avoid these attacks.
We witness a lot of fraud and phishing attacks lately. Companies and organizations have started to educate their clients and the public about the tactics that attackers use and how to avoid these.
Famous banks and other big holdings have demonstrated that the wellbeing of their customers is their only concern. And thus, a lot of businesses invested in cybersecurity awareness training.
In order to get naive people to share confidential details, attackers frequently resort to phishing techniques, pretending to be someone or something legitimate. As phishing depends on human interest and instincts, they can be hard to avoid, so people need to prescribe a healthy dose of self-restraint in order not to fall victim to these attacks.
Here are 8 popular phishing attack types you’ll possibly see in 2020 and how to avoid these attacks.
1. Email Phishing
Email phishing has been one of the most popular attack types in 2020. A hacker might send an email that seems to be from someone you know, like your boss or an organization that you are familiar with. There is usually an attachment to trick you or a button to click that redirects you to a real-looking site. To see the file or the attachment, they usually ask you to enter confidential information, such as your password. The fraudulent domain might contain substitution of characters in it, such as ‘r’ and ‘n’ as in ‘rn’ rather than ‘m’. You need to be aware of fake email senders and attachments or links if you want to avoid these types of phishing attempts.
2. Spear Phishing
Spear phishing attacks involve a particular person, government, or organization. The main purpose usually is to gather information about the target or the plant malicious malware to the user’s belongings. The threat actor gathers details about the target, such as their name, place of employment, bank verification number, place of birth, job information, title and email address beforehand. There is a common myth that banks are the only ones with such personal information, but individuals may at some stage have filled out different forms for several other reasons. Data-mining is also among the methods criminals gather the personal data of the targets.
3. Tailgating
Tailgating is another way criminals attack their targets through social engineering. It is also known as piggybacking. Many companies and organizations face tailgating attacks day by day. In this type of attack, an employee of the company is tricked by an outside person pretending to be a delivery person. The attackers want to gain access to the building, so they wait outside for someone who has access to come. Then, they ask them to hold the door, follow the employee into the building. This way, they gain access. Or in another scenario, the attackers try to be friends with employees during coffee breaks to get personal information. So, you should be very careful about who you give your information to.
4. Whaling
Whaling has been one of the ways used by criminals to trick senior officers. Threat actors act as c-level personnel at the company and try to convince other employees to comply with their desires. They intend to get money or personal information or to acquire access to the IT systems for malicious purposes. Employees need to have an awareness when it comes to suspicious contact, particularly on subjects regarding sensitive information or money transfers. If the request is found unusual in any way, it should be checked by the IT personnel.
5. Watering Hole Attacks
Watering Hole is a technique of social engineering where cybercriminals observe a specific organization and/or company’s preferred websites. After that, they try to inject these websites malicious codes, and then using one of these compromised links such as download buttons an innocent user falls into their trap. Companies and organizations should take a range of proactive steps to better defend themselves from potential attacks in order to minimize the damage of watering hole attacks like checking regularly visited websites for traps, check the traffic that these websites get in order to determine if they’re safe or not.
6. Angler Phishing
Recently, companies started to open social media accounts to attract consumers. Angler phishing is one of the ways attackers use these accounts to make their plans. They act like these accounts to gather personal information from consumers. Like customers who file complaints. They get in touch with the customer and ask for their information. Customers should check if the account has a blue tick. The healthiest way is to directly get in touch with the Bank or call the help center if you want to avoid these attacks.
7. Smishing
Smishing means that the attacker sends the victim and SMS. These types of attacks are made through phone. Its name is an acronym for SMS phishing. In smishing, the target is asked to call a phone number, share confidential data at a certain time, or click on a connection. Attackers also provide you with links to apps and suggest that you download them, which can be regarded as ransomware. In the world of online security, it is an evolving and rising threat.
8. Vishing
Vishing is when the attacker makes a phone call to the victim. For example, an attacker pretends to be calling from a help center of a bank and says the victim’s account is blocked. After that, they ask for sensitive information like your bank verification number. Even if you know the person you should never give your banking information to anybody. You should be careful in order not to be tricked by these attacks.
“This post is originally published at www.phishing.org.uk”
Teknoloji Haberleri