As mentioned in a previous post, phishing attacks are one of the most common types of cyberattacks. These attacks are a form of identity theft that aims to trick people into providing certain information.

The most common types of phishing attacks are:

1. Traditional Phishing, also known as deceptive phishing or cloned phishing:

This is the most common type of phishing. The hacker pretends to be another person (someone the victim knows or a reliable company) to obtain either personal information or login credentials. The two most common modalities are:

a) The victim receives an email from the hacker. In this email, the hacker claims to be a representative of a reliable company and asks the victim to provide certain information.

b) The victim receives an email in which the hacker places a link pointing to a malicious site. Either the URL is almost identical to the legitimate one, or the site is legitimate but has a vulnerability that the hacker takes advantage of to place an iframe. The hacker then waits for the victim to visit the site and enter certain information.

2. Malware-Based Phishing:

In this type of attack, the hacker includes malware in the email or adds a link pointing to a malicious site. When the victim opens it, a piece of malware is automatically downloaded to their device. This type of attack is especially common against small and medium businesses because the software they use is not always updated to the latest version.

3. Spear phishing:

Unlike in the previous cases, this type of phishing attack is usually much more personalized. Hackers normally include some personal data in these emails, such as the name of the victim, their role in the company or their phone number. The aim is to gain the victim's confidence and, through it, obtain the information they need to compromise the corporate network and access the confidential data they are looking for.

4. Smishing (SMS):

The attack vector is not email but the mobile phone. The hacker pretends to act on behalf of a trusted or legitimate company and sends an SMS to the victim, either announcing that they have won a prize or inviting them to participate in a raffle or contest. To redeem the prize, the victim must:

  1. Click on a link
  2. Call a number
  3. Send back an SMS with certain data

5. Vishing:

The term “vishing” stands for “Voice Phishing” and involves the use of the phone. The hacker establishes a fake call center and calls the victim, pretending to work for a supplier, operator, support center or bank, with the objective of collecting certain personal information.

6. Pharming:

In a pharming attack, cybercriminals manipulate the hosts files of a company or its domain name system (DNS). As a result, when a URL is requested, a false address is returned, and the victim is led to a fake website. Consequently, hackers get victims to enter information on a fake website that they control.
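A defensive check for the hosts-file manipulation described above, as an added example that is not part of the original post: it parses hosts-file text and flags watched names that are mapped to an address outside an allow-list. The domain names, addresses and the `WATCHED` allow-list are constructed for illustration.

```python
import ipaddress

# Constructed sample: a hosts file in which one watched name has been redirected.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1   localhost
::1         localhost
203.0.113.66  login.example-bank.test www.example-bank.test  # injected entry
192.0.2.10  intranet.corp.test
0.0.0.0     ads.tracker.test
not-an-ip   broken.line.test
"""

# Hypothetical allow-list: watched names and the addresses they may be pinned to.
WATCHED = {
    "login.example-bank.test": set(),      # should never appear in a hosts file
    "intranet.corp.test": {"192.0.2.10"},  # legitimately pinned
}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address; skip the line
        if len(fields) > 1:
            # Normalise case and a trailing dot so "HOST.test." matches "host.test".
            yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched):
    """Return (line_no, name, ip) for watched names mapped outside their allow-list."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in watched and ip not in watched[name]:
                findings.append((line_no, name, ip))
    return findings

if __name__ == "__main__":
    for line_no, name, ip in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(f"line {line_no}: {name} overridden to {ip}")
```

To audit a real machine, pass the contents of its hosts file as `text`; the same comparison applies to DNS answers collected from a resolver.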

7. Search Results:

In this case, the hacker positions a malicious page above the official, legitimate one, using SEO and SEM techniques. When the victim searches for something on the Internet, they click on the malicious site. The victim, without suspecting anything, enters some personal or confidential information.

8. CEO Fraud:

Once the hacker has managed to obtain the credentials of the CEO (or any other person with a relevant position within the company), they access that account and send an email asking an employee to make a transfer or provide some other confidential information.

Whatever the type of phishing, with Randed Isolation Technology your employees can browse the Internet without risking your business. Contact us and discover this and many other benefits.

Follow us on Twitter and LinkedIn to keep up-to-date with the latest news.