Phishing: What is it and how can you protect your business?

What are phishing scams? In this article, Adam Boland of SES explores the various types of phishing attacks and the steps you can take to defend against them.

What are phishing attacks?

Phishing is a type of cyber-attack where attackers pretend to be someone trustworthy in order to trick an individual or organisation into sharing sensitive data, such as login credentials and credit card data.

What types of phishing scams are there?

Standard phishing

Standard phishing attacks are one of the most popular scams that attackers are currently using to trick their victims into sharing sensitive information. These attacks are often sent via email and try to trick you into clicking malicious links or willingly providing sensitive data. They often use a sense of urgency or threatening subject lines and content such as “your account will be disabled”, “your parcel has not been delivered” and “claim your reward now”.

Spear phishing

Spear phishing attacks are like standard phishing attacks but are tailored to target specific people. As these attacks are far more targeted than standard phishing scams, the criminals behind them gather much more information about their target before initiating the attack, which makes it appear more genuine and increases their chance of success.

Whaling

Whaling attacks are essentially spear phishing attacks targeted at high-level individuals within a company. Attackers use them because a single successful whaling attack can be far more profitable than multiple standard phishing attacks, due to the sensitive nature of the information the targets have access to.

Pharming

Pharming attacks involve attackers infiltrating your computer and installing malware which redirects you to bogus sites developed by the attacker. These attacks are often initiated by the attacker sending out malicious emails which, when opened, install malware on the target’s computers.

The major issue with this type of attack is that it is often very difficult to detect. Even if the victim manually enters the URL of the website they are trying to reach, they will still be redirected to the bogus site and tricked into sharing their login credentials or sensitive information.

Vishing

Vishing works in a similar way to standard phishing attacks in that it attempts to deceive someone into sharing their sensitive data. However, the attack is coordinated using voice technology (telephone, voicemail or VoIP) instead of email.

The victim receives a message stating that suspicious activity has taken place, and the attacker poses as a legitimate, trusted source, such as a bank or government agent, to carry out the attack. The attack is then coordinated via a direct phone call, or the attacker leaves a message asking the victim to call a number and verify their identity, thus divulging their sensitive information.

How can you spot the signs of phishing?

Although these attacks have different targets and methods of delivery, they all share certain characteristics. Some of the more common signs of a potential phishing attack are below:

  • Poor spelling, unnecessary characters and missing information

One of the quickest and easiest ways to spot phishing emails is by reading through the text contained within the email and looking for odd spellings or out of place grammar. These are often found in the subject line of phishing emails to confuse spam filters but can also be found in the main body of text.

Other signs of phishing emails include generic greetings, such as “Dear Customer”, “Dear - your email address”, poor use of English and bad graphics. Finally, the sender's email is often unnecessarily long rather than a standard name@companyname.co.uk.

  • Request information or payments

If a phone call, voicemail, email or text message asks you to log into an online account or make a payment you were not aware of, be cautious. Companies will never ask you for your personal details in full; instead, they ask for snippets of your credentials (for example, the 1st, 4th and 6th characters of your password) to confirm your identity.
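The signs listed above can also be checked automatically before a message reaches a reader. The following is an added example, not part of the original article: the function name `phishing_signs`, the 40-character sender threshold, the odd-character pattern and both sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Phrases the article quotes as typical urgent or threatening wording.
URGENCY_PHRASES = ("your account will be disabled",
                   "your parcel has not been delivered", "claim your reward now")
MAX_SENDER_LENGTH = 40  # assumption: anything longer counts as "unnecessarily long"
# Assumption: a digit or symbol wedged between letters ("acc0unt") is an odd character.
ODD_CHARACTERS = re.compile(r"[A-Za-z][0-9@$!|][A-Za-z]")

def phishing_signs(raw_message):
    """Return the article's warning signs found in one plain-text email."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    sender = parseaddr(msg.get("From", ""))[1]
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{subject}\n{body}".lower()
    signs = []
    if any(phrase in text for phrase in URGENCY_PHRASES):
        signs.append("urgent_or_threatening_wording")
    if ODD_CHARACTERS.search(subject):
        signs.append("odd_characters_in_subject")
    # Generic greeting: "Dear Customer" or "Dear <your email address>".
    greetings = ["dear customer"] + ([f"dear {recipient}"] if recipient else [])
    first_line = next((l.strip().lower() for l in body.splitlines() if l.strip()), "")
    if first_line.startswith(tuple(greetings)):
        signs.append("generic_greeting")
    if len(sender) > MAX_SENDER_LENGTH:
        signs.append("unusually_long_sender_address")
    return signs

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Parcel Team <delivery-notification-service-update-7731@mail-parcel-tracking.example>
To: jane@companyname.example
Subject: Your acc0unt will be disabled

Dear Customer,

Your parcel has not been delivered. Claim your reward now by logging in.
"""
ROUTINE = """\
From: Sam Lee <sam.lee@companyname.example>
To: jane@companyname.example
Subject: Minutes from Tuesday

Hi Jane, the minutes from Tuesday are attached.
"""
```

Note that the misspelt subject line in the constructed sample does not match the urgency phrase list; the match comes from the body, which is why such misspellings confuse simple filters.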

What can you do to protect your business from phishing attacks?

There are various ways in which you can protect your business from phishing attacks, including:

  • Keep your bank details secure

Never give out any bank details to anyone who has called you unexpectedly, even if they do claim to be from your bank.

  • Use a spam filter

A spam filter will filter your incoming emails and mark anything suspicious as spam. If an email which looks bogus does make it into your inbox, mark it as spam and delete it. Never click any links or open any attachments contained within as they could potentially install malicious software on your computer just by clicking on them.

Summary

If you do feel you have been the victim of one of these attacks, you should speak to your IT team or cyber security partner immediately to contain the attack and reverse any damage and disruption caused.

About the author

Adam Boland is an Account Director at SES and has 18 years’ experience protecting business continuity with Software Escrow and Cyber Security protection. SES protect over 2,500 Software Developers, IP Owners, Distributors and End Users in over 40 countries across the world.

Publication date: 11 March 2021

Any opinion expressed in this article is that of the author and the author alone, and does not necessarily represent that of The Gazette.