Phishing is a form of socially engineered attack which depends more on manipulating the user’s behavior rather than finding system vulnerabilities. Most common methods of combating such attacks rely on spreading awareness and training the user in safe internet practices.
Types of Phishing Attacks
Mentioned below are some of the popular types of phishing attacks that users can be wary of:
- Spear Phishing- Spear phishing is a form of targeted phishing where the attacker identifies a specific target or company. The content is socially engineered according to the details and nature of the individual making them extremely difficult to detect. Such targeted nature of the content increases the chances of entrapment and is one of the most successful forms of phishing attacks present today.
- Clone phishing- In clone phishing, legitimate emails are cloned and stripped of their previous recipients. Any attachment or link that was present in the original weapon is replaced with malicious content or corrupt link which when clicked initiates the attacks.
- Whaling- Whaling involves phishing attacks which are specifically targeted towards high ranking company executives. Top company executives while experts in their domain often have vulnerable security practices and weak password protection practices. Targeting such officials not only makes for an easy target, but the level of access they provide can have devastating consequences in the wrong hands. The content for these is specially customized to match the language that these high executives are accustomed to. Quite often, these whaling attacks show themselves in corporate mailings. The malicious content is hidden behind deceptive messages which ask for a particular report or company data which requires the executive to provide login details.
Today most mailing services and web browsers employ spam prevention and phishing detection capabilities which prevent such attacks. Additionally, corporate email services have adopted strict protocols which filter such contents.