- Spear Phishing is phishing targeted at specific individuals, using personalised information to enhance credibility and deceive recipients into disclosing sensitive data like passwords or financial information.
- Whaling is a specialised form of Spear Phishing aimed at high-profile individuals, executives, or celebrities, seeking access to valuable information or financial assets through tailored phishing attempts.
Phishing is a prevalent cybersecurity threat that involves deceptive tactics to trick individuals into revealing sensitive information such as passwords, financial details, or personal data. Attackers often masquerade as trustworthy entities through emails, text messages, or phone calls, aiming to exploit human trust and curiosity for malicious purposes. This form of social engineering exploits vulnerabilities in communication channels to steal information or gain unauthorised access to systems, emphasising the importance of awareness and caution in digital interactions.
What is phishing
Phishing is a widespread form of social engineering designed to deceive recipients into divulging sensitive information such as personal data, usernames, passwords, or financial details. It consistently ranks among the top five cybersecurity threats due to its prevalence and effectiveness.
In a typical phishing attack, perpetrators send messages where the sender’s identity is falsified to appear trustworthy. These messages, whether through email, phone calls, or SMS, aim to deceive recipients into believing they originate from a legitimate source. The attacker’s primary goal is to persuade the recipient to click on a link that redirects them to a counterfeit website or prompts the download of a malicious file. The fraudulent link seeks to deceive users into disclosing sensitive information like social media credentials or online banking login details.
Most phishing attempts are not personalised but are distributed en masse to millions of potential targets in the hope that some will unknowingly fall victim. Targeted phishing attacks, however, are more sophisticated and involve careful planning and strategic deployment by malicious actors.
4 types of phishing attacks
1. Spear Phishing: Spear Phishing targets specific individuals rather than a broad audience. Attackers tailor their phishing attempts based on information they already have or gather to personalise the message. This approach increases the attack’s credibility by including details like birthdays or job titles, making it more likely to deceive the recipient.
2. Whaling: Whaling is a subset of Spear Phishing aimed at high-profile individuals such as executives, celebrities, or wealthy individuals. Attackers target these individuals for access to valuable information or financial assets, knowing their credentials can lead to significant gains.
3. Smishing: Smishing involves phishing attacks conducted through SMS (text) messages. These attacks leverage the immediacy and high open rates of text messages, often directing recipients to click on malicious links or disclose sensitive information. Smishing became more prominent during events like the 2020 presidential election due to increased reliance on SMS communication.
4. Vishing: Vishing is a phishing technique carried out via phone calls. Attackers use pre-recorded messages or scripts to deceive victims into disclosing personal information or performing actions that compromise security. For instance, in the Twitter breach, hackers posing as IT staff used vishing to trick employees into revealing credentials.
These types of phishing attacks exploit various communication channels to deceive individuals and organisations, highlighting the importance of vigilance and cybersecurity awareness.