There are various types of phishing. The most common amongst them are:
- Email Phishing
- Spear Phishing
Email Phishing: Uses the most common mode of communication between users. An email is sent to millions of users asking them for personal information, using a simple bait to lure the end users. These emails bait the user by conveying urgency, such as a bank account verification or a password reset action. The data collected through email phishing is used for malicious and illegal activities.
Spear Phishing: Targeted phishing attacks based on research using social media data or publicly available data are called Spear Phishing. Spear Phishing attacks are based on information collected from Out of Office messages or messages posted on social networks.
Whaling: An attack targeting C-suite executives is called Whaling, as the target is a high-value target. Whaling attacks also require additional research on the target and its customers. Usually, these attacks are used to go after an organisation's supply chain and customers. In some cases, these attacks are followed up with a phone call to confirm the urgency of the request.
Vishing: Vishing attacks do not use email. Instead, the targets are contacted via phone calls. The attacker mimics various entities to steal sensitive data or funds. In most cases, the attackers impersonate in-house technical support teams to gather information and convince an employee to hand over confidential information.
Smishing: Smishing attacks are also perpetrated via mobile phones. These attacks usually consist of sending a targeted SMS message to the user. The message usually contains a lure (e.g. a message from your bank) with a clickable link. The link usually leads to a malicious site that collects personal or banking information.