Phishing attacks are a common security problem that companies face almost daily. Whether it's getting access to passwords, credit cards, or other sensitive information, hackers are using email, social media, phone calls, and any form of communication they can to steal valuable data.
Keeping data secure is not only a priority for companies; it is mandatory in the healthcare industry.
Basically, bad guys are using phishing attacks to target users and trick them into revealing sensitive information so that they can steal and use the information for malicious reasons.
Phishing attacks are continually evolving, and hackers are getting so creative that it can be hard to keep up with the various forms of phishing. We put together a list of the six most common phishing techniques in hopes that it will help users be more aware of the common forms of phishing.
The 6 Most Common Types of Phishing:
1. Traditional Phishing
Traditional Phishing is what we refer to as the “spray and pray” phishing attack because it usually involves a mass email that goes out to thousands of individuals in hopes that a few will fall for the scam.
2. Cloned Phishing
Cloned Phishing is a phishing technique where a legitimate, previously delivered email containing an attachment or link has its content and recipient address(es) stolen and used to create a nearly identical email, in hopes that the users will open the attachment or click on the link again.
3. Spear Phishing
Spear Phishing attacks are highly targeted attacks that are meant for specific individuals or groups. Hackers will even gather personal information about their target to increase their success rate of obtaining personal information.
4. Smishing
Smishing is a sophisticated version of a phishing attack, where hackers attempt to steal your personal information from your mobile device via text message. A hacker will contact you via text message posing as a trusted source, such as your bank, and ask you to click on a link which would then take you to a compromised website.
5. Vishing
Vishing is a form of smishing where hackers attempt to steal your sensitive information directly over the phone. This form usually involves the phisher trying to obtain personal information over the phone such as a credit card number or social security number.
6. Whaling
Whaling attacks are phishing attacks that target senior executives, managers, or other high-profile targets. The content used to carry out these attacks will be crafted as an executive issue, legal subpoena, or a critical business email. These emails could include a link for the user to click on to view the “important” document, which would then infect the user’s computer with a form of malware.
Trust No Email
All associates should be wary of phishing attempts to trick you into providing personal or financial information through an email request or a link to a fraudulent website. Phishing is an example of a social engineering technique used to fool users and obtain information from them.
Phishing emails may appear to be from a trustworthy source but are designed to trick the email recipient into disclosing sensitive, private and confidential information. By clicking on an active link in a phishing email, the recipient is directed to a fraudulent website that attempts to acquire personal or private information or possibly infect their computer with malicious software. To check the destination of an active link, you should hover your mouse over it and review the address information displayed in the status bar located at the bottom of your browser page; it will show the Web address destination of the link.
Never open an email attachment if you are not expecting the email and if it is from an unknown source. Never click a link in an email and input your username and password, even if prompted. Ensure the link that you are navigating to is a legitimate site.
Security Awareness Solutions
We will work with clients to run a phishing scam simulation to determine how many employees fall for the scam by opening the email and clicking the link. The simulation allows the business to determine which employees need training on how to spot phishing scams. In a recently completed simulation, we discovered that nearly 20% of recipients opened the phishing email and 10% clicked the link.
The most effective tool in battling phishing attempts is better user training. Hackers will always be churning out better ways to scam unsuspecting users, so educate yourself and your team. Training will help prepare you for the different forms of phishing that are out there and equip you to handle phishing scams that you may receive in the future.