With the recent rise in cyber crime, it is more important than ever that you have the correct cyber security posture in place. Phishing attacks are the most common threat facing your organisation and, as 96% of phishing attacks arrive via email and 82% of all successful attacks are down to human error, your employees act as the first line of defence.  

However, a phishing attack can take many different forms, and it is crucial to the success and the safety of your organisation that you, and your employees, are able to identify, mitigate and prevent a phishing attack from developing. We’ve taken a look at the different types of phishing attacks, and how you can detect them.

If you read this post and want more, see our post on the dangers of phishing (and 4 ways to protect your business). There, we give a deeper dive into how phishing works, what a breach might cost and how to protect yourself.

1. Email Phishing

Perhaps the most common type of phishing attack, email phishing is a tactic used by malicious actors to pry sensitive information from your organisation through deceit. By impersonating a reputable or well-known organisation or person, cyber criminals try to trick their victims into opening harmful links, exposing their sensitive data and potentially infiltrating their systems with malware, ransomware or spyware. So, how can you spot an email phishing attack?

  • Do you trust the information? Be sure to thoroughly examine the email address. Cyber criminals will make minor adjustments to contact email addresses to try and catch you out. If your colleague’s email address is joebloggs@marketing.com, they may use something similar, such as joeblogggs@marketing.com, in the hope that you haven’t properly checked the sender’s address.  
  • Is the email grammatically correct? One key indication that an email has come from an untrusted source is misspelt words and an improper use of grammar.
  • Populated with images, rather than text. Emails that are predominantly populated by images could be hiding malicious links beneath – it is crucial that these are reported immediately.
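The first bullet above (a near-miss sender address such as joeblogggs@marketing.com standing in for joebloggs@marketing.com) is something a mail gateway or a mailbox rule can check automatically rather than leaving it to the reader's eye. The following Python script is an added example, not code from the original post or from Tekspace: it compares an incoming From: header against a constructed list of trusted contacts, treats a small edit distance or a common character swap (0 for o, rn for m) as a look-alike, and also catches a display name that shows a trusted address in front of a different real address. The contact list, the distance threshold of 2 and the swap table are assumptions for the example.

```python
from email.utils import parseaddr

# Constructed contact directory for the example (assumption: the addresses
# the organisation actually trusts would come from its own address book).
TRUSTED_CONTACTS = {
    "joebloggs@marketing.com",
    "finance@example.co.uk",
}

# Character swaps attackers commonly use to build a look-alike address.
# Assumption: this small table is enough for the demonstration.
_MULTI_CHAR_SWAPS = (("rn", "m"), ("vv", "w"))
_SINGLE_CHAR_SWAPS = str.maketrans("0135", "oles")


def normalise(addr: str) -> str:
    """Fold common look-alike characters so visually similar addresses compare equal."""
    s = addr.lower()
    for fake, real in _MULTI_CHAR_SWAPS:
        s = s.replace(fake, real)
    return s.translate(_SINGLE_CHAR_SWAPS)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_CONTACTS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a raw From: header value."""
    display_name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in trusted:
        return "trusted"
    # A display name that itself looks like an email address, but differs from
    # the real sending address, is a classic spoofing trick.
    if "@" in display_name and display_name.strip().lower() != addr:
        return "lookalike"
    norm = normalise(addr)
    for known in trusted:
        known_norm = normalise(known)
        if norm == known_norm or levenshtein(norm, known_norm) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers for the demonstration.
    for header in (
        "Joe Bloggs <joebloggs@marketing.com>",
        "joeblogggs@marketing.com",
        "j0ebloggs@rnarketing.com",
        '"joebloggs@marketing.com" <attacker@evil.example>',
        "alice@example.com",
    ):
        print(f"{header!r:60} -> {classify_sender(header)}")
```

In practice a verdict of "lookalike" should quarantine the message or at least add a visible banner, while "unknown" senders simply get the normal level of scrutiny; the threshold of 2 is deliberately low so that short addresses do not collide with each other by accident.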

2. HTTPS Phishing

Hypertext Transfer Protocol Secure (HTTPS) is now more commonly used by organisations than plain HTTP, because of the added level of security. However, cyber criminals now use HTTPS themselves, as a means of making their malicious sites look legitimate and infiltrating your business systems. Often used as part of an email phishing attack, HTTPS phishing can be detected by looking at:

  • Does the email include a shortened link? If so, it is essential that you expand it to reveal the full destination URL before clicking.
  • Hyperlinks. While hyperlinks can be useful, they can also lead your employees to malicious sites: the destination hidden behind the link text may have nothing to do with what the visible text says.
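Both bullets above come down to one question: does the link actually go where it appears to go? The Python script below is an added example, not code from the original post or from Tekspace. It walks the anchors in an HTML email body and flags a link whose destination is a URL shortener, whose visible text looks like a URL for a different host than the real href, whose host is a raw IP address, or whose host uses punycode (the xn-- form that can disguise a look-alike domain). The shortener list, the sample email and the finding labels are constructed for the example; note that a padlock or an https:// prefix on the destination would not change any of these findings, because HTTPS only encrypts the connection and says nothing about who is at the other end.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a short, hand-picked list of URL shorteners for the demonstration.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

# Visible link text that itself reads like a URL (with or without a scheme).
_URL_LIKE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)
_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL; a scheme is assumed if the text has none."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def assess_link(href: str, text: str) -> list:
    """Return a list of findings for one hyperlink (empty list means nothing suspicious)."""
    findings = []
    host = host_of(href)
    if host in SHORTENERS:
        findings.append("shortened link")
    if _URL_LIKE.fullmatch(text) and host_of(text) != host:
        findings.append("text/destination mismatch")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode host")
    if _IPV4.fullmatch(host):
        findings.append("raw IP host")
    return findings


def scan_html(body: str) -> list:
    """Return (href, visible text, findings) for every link in an HTML email body."""
    parser = LinkExtractor()
    parser.feed(body)
    return [(href, text, assess_link(href, text)) for href, text in parser.links]


# Constructed sample email body: one shortened link, one link whose visible text
# names the company portal while the real destination is a bare IP address, and
# one honest link for comparison.
SAMPLE_EMAIL = """
<p>Please <a href="https://bit.ly/3xyz">review the shared document</a>.</p>
<p>Or open <a href="http://203.0.113.7/login">https://portal.example.com/login</a> directly.</p>
<p>Help: <a href="https://support.example.com/">support.example.com</a></p>
"""

if __name__ == "__main__":
    for href, text, findings in scan_html(SAMPLE_EMAIL):
        print(f"{text!r:40} -> {href!r:40} {findings or 'ok'}")
```

A mail filter would typically combine these findings with the sender checks rather than block on any one of them: a shortened link from a newsletter is normal, but a shortened link plus a text/destination mismatch from an unknown sender is worth holding back for review.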

3. Spear Phishing

In our Definitive Guide to Security Awareness Training, we learned that 79% of organisations (globally) experienced a spear phishing attack in 2021.

While spear phishing is also conducted over email, it is a far more targeted attack. Malicious agents will use open source intelligence (OSINT), such as email addresses and personal information from company social media pages, to gather personal details. This means that they can use job titles, places of work, location and much more in an attempt to make the email appear to come from a genuine source. This makes them especially dangerous, as they often appear more authentic than your average phishing email. Here’s how to identify spear phishing:

  • Is something awry? If something seems off, then it probably is. If Ben… or was it Ken, in accounting, is suddenly asking you to wire him $10,000, then this is something out of the ordinary and should be treated as such. Of course, this is an extreme example, but cyber criminals operating spear phishing attacks will use your personal information, including the people you work alongside, in an attempt to make their request seem sincere.
  • Implement real-world checks and balances. Many spear phishing attacks can be thwarted through better business processes. For example, rather than giving individuals the authorisation to make payments, ensure that every transaction is approved by one other person before it is executed. Ideally, this verification process should happen outside of email.
  • Documents requiring a password. Be suspicious of documents that are shared with you via a link which then requires your password. This is another technique used by malicious agents to relieve you of your sensitive information. They will create a fake link, directing you to a malicious (yet seemingly harmless) site, for you to punch in your passwords, gifting them access to your sensitive information and data.

4. Whaling (or CEO Fraud)

Similar to spear phishing, whaling or CEO fraud uses OSINT to identify the personal details of CEOs, such as email address, name and location, and then reach out to their employees. This will often take the form of an email in which an employee is asked to carry out a task, or fill out a form, which actually contains harmful sites, links or downloadable content. Things to look out for:

  • An unusual request. Once again, drawing similarities to spear phishing, malicious agents will normally ask for something in this form of attack. If the request is strange, report this to your IT team, or service provider, immediately.
  • Check and check again. As cyber criminals will be unable to use a CEO’s unique email address, there will be minor differences. Be sure to thoroughly check the sender’s email to ensure it has come from a legitimate source.

5. Vishing

Vishing, or voice phishing, is a technique in which cyber criminals phone their victim in an attempt to instil urgency and panic. The malicious agent may pose as bank staff, reporting that your account has been compromised and demanding your details. This form of attack can be effective due to the sense of panic it induces. Be wary of:

  • The number. If you don’t recognise the caller ID, it may be best to ignore the call and search the number online to see if it has been reported.
  • What do they want? Your bank will never ask for information over the phone, which is also true when it comes to company, or business, accounts.


6. Smishing

SMS phishing, or ‘smishing’, is when malicious agents use text messages in an attempt to relieve you of your sensitive information or details. They will often try to create a dialogue with a view to directing you to a particular site, or getting you to open a link, which can then infiltrate your device. You can prevent a smishing attack from being successful by looking out for:

  • Where has this come from? If the message has come from an area code you are unfamiliar with, it is unlikely to be somebody you know, and could be an attempted smishing attack.
  • Odd requests. If they are pretending to be somebody in your contacts list, say, ‘Dad’, for example – why is their number not saved? And why does ‘Dad’ need $400 for the locksmiths, when he’s sat in the garden with his feet up?

7. Angler Phishing

Such is the prevalence and importance of social media, it is of no surprise that cyber criminals have weaponised it and turned it into a useful tool for phishing attacks. Angler phishing is when malicious agents use direct messages, or notifications, on social media platforms to steal information. An angler phishing attack is detectable by:

  • Driving you to other, untrusted sites. It’s one thing receiving a message on social media from a friend who wants you to check out a funny video of cats. It’s another thing receiving a message from somebody you don’t know, trying to drive you to a site you don’t trust. These messages are to be reported, not opened.

8. Pharming

Cyber criminals will infiltrate a DNS (Domain Name System) server, so that when a potential victim types in a URL, they are redirected to a malicious site. This can be especially tricky to spot, as the address may still look genuine; however:

  • Are you safe and secure? Browser alerts that a connection is unsecured or untrusted are a clear sign you are on a site that you shouldn’t be. Look out for these signals, as they help to prevent pharming attacks from being successful.
  • It’s in the detail. While malicious agents may do a decent job at replicating the intended site, there may be inconsistencies in colour schemes, branded logos and even text – while this is tricky to spot, the signs are there.

9. Pop-up Phishing 

We all understand how annoying pop-ups can be. Most of us have clicked on a seemingly harmless link, only to be bombarded with pop-ups moments later. Well, cyber criminals use these as tools to launch phishing attacks, where links to harmful sites are embedded in the images themselves. Malicious pop-ups can be detected via:

  • Poor spelling and grammar. Some pop-ups are not harmful, they may be discount codes, chatbots or an array of other friendly features. A clear sign of a malicious pop-up is clear irregularities in messaging, spelling and grammar, so be sure to keep an eye out for this.

10. Clone Phishing

Once again, this form of phishing attack is conducted through email. Malicious agents will identify common practices within organisations that require further action, whether this is amendments to a document, something for an employee to sign or a link to shared files for access. Cyber criminals replicate, or clone, these types of email in order to get a reaction from the recipient. These can be detected through:

  • Are they asking for too much? It’s common to receive an email from a colleague asking for help on a document, or to make a few edits for a client. Asking for personal information, banking information or similar is, however, irregular, and could be a sign of clone phishing.
  • Have you already processed this request? Sometimes, bad actors send you an email (which appears as though it’s from a colleague) with a request to review, sign or approve something that you’ve already actioned. If you’ve already performed the task, verify that the email is legitimate with the person who made the request – ideally, this is done outside of email (e.g. in person or on the phone).

11. Evil Twin

An evil twin phishing attack actually targets your Wi-Fi connection. By setting up an evil twin network, the cyber criminals are then able to eavesdrop on information, data or files that are being accessed, or sent, via this connection. To detect an evil twin phishing attack, keep an eye out for:

  • Unsecured networks. These are a clear giveaway that a Wi-Fi network is not to be trusted, and using such a network could be harmful to your connected devices.
  • If the network asks you to log in. Once again, most networks won’t ask you to input your sensitive credentials in order to connect. This is a sign that the network is not to be trusted and could in fact be an attempted evil twin phishing attack.

12. Watering Hole Phishing

Malicious agents will conduct research into the sites your employees, or colleagues, most commonly browse or access. This targeted attack allows them to compromise the sites your organisation often uses and plant malicious code throughout. This can infect entire systems, so it is crucial you are aware of:

  • Irregularities. Be mindful of any changes to the site that you may notice; this could mean it has been compromised as part of a watering hole attack.
  • Trust your browser’s alerts. If you attempt to access a link that has been embedded with malicious code, your browser will likely alert you.

Tekspace: Don’t Get Caught Hook, Line and Sinker by Phishing Attacks

With years of experience within the field, Tekspace have the expert insight and support to ensure you stay safe amid the recent surge in cyber crime. Phishing attacks have become the number one weapon of choice for malicious agents, and it is crucial to the success of your organisation that you are well-prepared to fend off this ever-increasing threat.

To find out how the experts at Tekspace can bolster your organisation’s security, book a free consultancy, today.
