{"id":2322,"date":"2020-03-17T05:11:58","date_gmt":"2020-03-17T05:11:58","guid":{"rendered":"http:\/\/kusuaks7\/?p=1927"},"modified":"2023-12-27T13:50:59","modified_gmt":"2023-12-27T13:50:59","slug":"1ten-different-types-of-phishing-attacks-and-phishing-scams","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/1ten-different-types-of-phishing-attacks-and-phishing-scams\/","title":{"rendered":"Ten Types of Phishing Attacks and Phishing Scams"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Phishing attacks result in significant losses and damages to businesses every year<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tFor Google and Facebook, the losses totaled more than\u00a0$100 million<\/strong>. Belgium\u2019s Creland Bank handed over more than\u00a0$75 million<\/strong>\u00a0to cybercriminals. And the Austrian aerospace parts maker FACC lost\u00a0$61 million<\/strong>. What\u2019s causing these types of massive losses? Each of these organizations were the victims of\u00a0different (and costly) types of phishing attacks<\/a>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What\u2019s a phishing attack?<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tIn general, a phishing scam is a type of cyberattack that cybercriminals use to get users to perform some type of action. These emails are often sent out in mass with the goal of tricking unsuspecting individuals into falling for their scam. Think of your best bud \u2014 the Nigerian Prince who keeps trying to get you to take his money for \u201csafe keeping.\u201d\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tHowever, phishing has evolved significantly since his royal highness first entered the scene. There is now a variety of phishing attacks targeting businesses each day. Some involve the use of emails and websites; others may use text messages or even phone calls. Attacks use these methods with the goal of getting users to provide personal or account information or to make wire transfer funds to fraudulent accounts. The cybercrime industry is reaching unprecedented levels. Cybersecurity Ventures reports that the\u00a0damages of cybercrime<\/a>\u00a0are expected to cost the world\u00a0$6 trillion annually by 2021<\/strong>\u00a0\u2014 of which phishing is anticipated to play a significant role.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tBut when we talk about phishing, what types of phishing attacks are we specifically talking about? There are actually multiple types of phishing scams that businesses are targeted by on a daily basis.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tLet\u2019s hash it out.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

10 types of phishing attacks that can snare your business<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tAs you can probably tell from reading our blog posts, we like lists. A lot. In this case, we\u2019ve put together a list of the most prevalent types of phishing attacks. The goal here is to help familiarize you with many of the different types of phishing attacks that exist and provide an overview of how they work or what sets them apart from other phishing scams.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tJust note that we have them in alphabetical order and not in any particular order of importance.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nNow that we have that out of the way\u2026 Let\u2019s dive in.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

1. CEO Fraud\/Business Email Compromise<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThe first type of phishing we\u2019ll discuss is known as\u00a0CEO fraud<\/a>. In a nutshell, CEO fraud occurs when a cybercriminal sends an email to a lower-level employee \u2014 typically someone who works in the accounting or finance department \u2014 while pretending to be the company\u2019s CEO or another executive, manager, etc. The goal of these emails is often to get their victim to transfer funds to a fake account. Just a bit of bonus info for your upcoming trivia night: In the U.S., CEO fraud is often referred to as business email compromise (BEC), which the FBI says costs businesses billions of dollars.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tFor your viewing pleasure, I\u2019ve included a real example of a CEO fraud email that I received from someone trying to be The SSL Store\u2122\u2019s CEO John Tuncer:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tIn this case, it was easy for me to tell that it wasn\u2019t from him. For one, the email sender is listed as John Tuncer, but the email address isn\u2019t his email account. Second, look at how the email is written \u2014 there is no space between the first section of the sentence and the second part. This is often the case when information is being copied and pasted. Additionally, typos are as common in emails as there are weeds in a field.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThird, at The SSL Store, we use email signing certificates to authenticate all of our employees. This email lacks any sort of digital signature or security measure. We\u2019ll speak more about email signing certificates later in the article.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

2. Clone phishing<\/h3><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThe idea behind a\u00a0clone phishing<\/a>\u00a0attack is to take advantage of legitimate messages that the victim may have already received and create a malicious version of it. The attack creates a virtual replica of a legitimate message \u2014 hence, the attack\u2019s clever name \u2014 and sends the message from an email address that looks legitimate. Any links or attachments in the original email are swapped out for malicious ones.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThe cybercriminal often uses the excuse that they\u2019re re-sending the original message because of an issue with the previous email\u2019s link or attachment to lure end-users into clicking on them. We wish we could say that this doesn\u2019t work; unfortunately, though, it often does because it catches users unawares.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

3. Domain spoofing<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThe next type of phishing we want to mention is known as\u00a0domain spoofing<\/a>. This method of attack uses either email or fraudulent websites. Domain spoofing occurs when a cybercriminal \u201cspoofs\u201d an organization or company\u2019s domain to:\n