Banyan Cloud

Originally published at banyancloud.hashnode.dev

Top 10 Types Of Phishing Attacks And How Dangerous Their Effects Can Be?

Large enterprises have historically been in danger of phishing attempts due to their scale and the likelihood that attackers may identify security flaws. If the phishing attempt is successful, a worker who falls for the trick might jeopardize the future stability of their entire firm. Organizations must determine how susceptible they are to phishing attacks through penetration testing engagements and by incorporating the results into security awareness training programs.

How Does Phishing Work?

Phishing begins with a fake email or other communication to lure a target. The communication is crafted to appear to be from a reputable sender. If the victim falls for it, they may be persuaded to divulge private information on a fraudulent website. Malware may also occasionally be downloaded onto the target's machine.

What Are The Dangers Of Phishing Attacks?

Phishing emails are sent to gather employee login credentials or additional information for use in a sophisticated attack on a particular firm. Phishing is a common starting point for cybercrime attacks like Advanced Persistent Threats (APTs) and Ransomware.

We must educate ourselves about phishing attacks because, according to statistics, these crimes are on the rise and not showing any sign of slowing down. Many businesses, even well-known ones, have been the targets of phishing attempts over the years. Below are a few of the more notable instances:

  • According to the FBI's Internet Crime Complaint Center (IC3), with 241,342 victims, phishing (which includes vishing, SMiShing, and pharming) was the most common threat in the US in 2020. This was followed by identity theft (45,330 victims), extortion (76,741), non-payment/non-delivery (108,869), and personal data breach (45,741). (43,330 victims).
  • According to Google Safe Browsing, there are now over 75 times as many phishing sites as malware sites online.

Signs Of Phishing

All internet users should be able to spot suspicious emails in their inboxes, especially those who use work equipment or have access to sensitive information. Here are 6 universal indicators that will enable your users to spot phishing emails.

  1. Risks or a Sense of Urgency: Phishers assume that by reading the email quickly, recipients won't thoroughly scrutinize the content and won't detect errors.
  2. Communication Composition: An immediate indication of phishing is when a message uses vulgar language or an offensive tone.
  3. Strange Requests: If an email asks you to behave unusually, that may be a sign that it is harmful.
  4. Language Errors: Spelling and grammatical mistakes are further indicators of phishing texts.
  5. Variations in Web Addresses: One other simple method to spot potential phishing scams is to look for jumbled email addresses, URLs, and domain names.
  6. Interest in obtaining identification, money, or other personal data: Attackers frequently send messages that look valid and link to fake login pages that look real.
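
As an added illustration (not part of the original article), the Python sketch below turns indicators 1, 5 and 6 into automated checks on a single plain-text message. The trusted domains, phrase lists and sample email are constructed assumptions that a real deployment would replace with its own.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the trusted domains and the phrase lists.
TRUSTED = {"example.com", "example-bank.com"}
URGENCY = ("urgent", "immediately", "within 24 hours", "will be suspended")
CREDENTIAL_ASKS = ("verify your account", "confirm your password")

def lookalike(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return None  # exact match or genuine subdomain
    # Undo common character swaps: 0->o, 1->l, 3->e, "rn"->"m".
    folded = domain.translate(str.maketrans("013", "ole")).replace("rn", "m")
    for good in sorted(TRUSTED):
        if folded == good or SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return good
        # Trusted name used as the leading labels of someone else's domain.
        if domain.startswith(good + "."):
            return good
    return None

def indicators(raw):
    """Return the indicators that fire for one single-part, plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = []
    if any(phrase in text for phrase in URGENCY):
        hits.append("urgency")
    if any(phrase in text for phrase in CREDENTIAL_ASKS):
        hits.append("credential-request")
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    hosts = re.findall(r"https?://([^/\s:\"'>]+)", body)
    for host in [sender] + hosts:
        if host and lookalike(host):
            hits.append("lookalike:" + host.lower())
    return hits

# Constructed sample message, not a real phishing email.
SAMPLE = (
    "From: Example Bank Support <support@examp1e-bank.com>\n"
    "Subject: Urgent: your account will be suspended\n\n"
    "Please verify your account within 24 hours:\n"
    "https://example-bank.com.login.example.net/reset\n"
)
```

Calling `indicators(SAMPLE)` flags the urgency wording, the credential request, the digit-for-letter sender domain and the link whose host only starts with the trusted name.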

Understanding the various phishing attempts can help you defend yourself against attackers.

  1. Spear Phishing: In spear phishing, a specific person inside an organization is targeted to obtain their login information. Before attacking, the attacker frequently learns about the victim, including their name, title, and contact information.
  2. Email Phishing: An email phishing scam aims to fool the receiver into responding with personal information or entering it on a website that the hacker can exploit to steal or sell the recipient's data. Sony employees' contact information was stolen by hackers using LinkedIn, who then used it to send phishing emails to those individuals. In addition, they stole over 100 gigabytes of data.
  3. HTTPS Phishing: An HTTPS phishing attack is carried out by sending the target an email with a link to a bogus website. The victim could then be tricked into providing their personal information by the website. The hacker collective Scarlet Widow looks for company employees' emails before using HTTPS phishing to target them. As a first step, the user clicks on the tiny link in the largely empty email they receive and enters Scarlet Widow's web.
  4. Pharming: A pharming attack involves installing malicious code on the victim's PC. The victim is then taken to a bogus website where this code collects their login information. Pharming cost victims more than $50 million in 2021.
  5. Pop-up Phishing: Pop-up phishing frequently displays a pop-up message claiming a security issue with your machine or another concern to trick you into clicking. Users have occasionally seen pop-ups claiming they are eligible for AppleCare renewal, which would reportedly give them extended protection for their Apple products.
  6. Deceptive Phishing: Phishers use deceptive techniques to pose as a legitimate business and tell their targets that they are already the victims of a cyberattack. After that, the users click on a harmful link, which damages their machine. Users were sent emails from the address support@apple.com and had Apple Support as the sender. The message claimed that the victim's Apple ID had been blocked. They were then prompted to validate their accounts by entering information the hacker would use to crack it.
  7. Smishing: Smishing is phishing through a text message or SMS. Hackers pretended to be from American Express and sent text messages to their victims, telling them they needed to tend to their accounts.
  8. Man-in-the-Middle (MTM) Attacks: The hacker gets into the middle of two parties and tries to steal information, such as account credentials. In 2017, the famous credit score company Equifax was targeted by man-in-the-middle attacks that victimized users. The hackers intercepted their transmissions as the users accessed their accounts, stealing their login credentials.
  9. Website Spoofing: Using website spoofing, a hacker creates a fake website that appears genuine. Then, the attacker gathers your information when you use the site to log in to an account. Hackers made a fake Amazon website that looked nearly identical to the real Amazon.com.
  10. Search Engine Phishing: An attacker creates attractive-looking counterfeit products for search engine phishing attacks. These appear in search results, prompting the user to provide personal data before making a purchase, which is then sent to a hacker. In 2020, Google said they found 25 billion spam pages every day, like the one put up by hackers pretending to be from the travel company Booking.com.

According to the APWG's Phishing Activity Trends Report, more than a million phishing attacks were registered in the first three months of 2022.

It follows a steady rise in attacks over the previous year, 2021, and represents the highest number of phishing attacks documented in a quarter. The APWG recorded slightly more than 200,000 phishing attempts in April 2021. However, it almost increased to 384,291 by March 2022.
