Phishing is one of the most aggressively growing cybercrime. Scammers infiltrate the targeted mailbox with malicious emails and entice them into clicking the malicious links. With the increasing level of sophistication, the impact of phishing attacks is becoming more pronounced as the victims expect no foul play. Phishing was first flagged by AOL (America Online) and has evolved at a much higher pace. Attackers today can get access to highly confidential data like SSN number, account passwords, credit card numbers and more with well-planned sophisticated attacks.
The phishers sell the data to the communities that intend to misuse the people information. Phishing may not be a one-time attack. If the victim is not aware of the infection, the malware may keep collection of personal information from the user’s system incessantly. And, this is why it becomes even more important to identify the kind of threat a user is exposed to.
Let us look at the 5 generic categories of phishing attacks:
A phishing attack that is executed over a phone call is called vishing (voice + phishing). The scammers collect data from the targets of social media accounts and online activity. They impersonate a friend, a relative or a salesperson from a reputed financial institution and try to extract credentials and information that can be used to login to the bank accounts. The people need to be aware of such attacks and must always verify the caller’s information before handing over anything personal.
SMS phishing is the oldest, easiest and the most-simple type of phishing attack. The users receive a link over an SMS. The urgency of the SMS text entices the users to click on the link and are directed to a fake page that could demand their credentials.
Search Engine Phishing
Another very common type of phishing. The fake webpages that look very much similar to the branded website are created and the search engine is phished to make the fake URL rank higher than the original one for the specific keyword.