Understand phishing, spear phishing and whaling with real-life examples.

by Madhu

When I first read about the types of phishing, it made no sense to me why we have so many types. Then I related it to real life: why do we have so many types of clothes, brands, phone models and makeup? Because people are different, and not everyone likes just one type or one brand.

In the same way, not everyone falls for the same trick, so hackers and scammers come up with customised approaches to lure people; hence we have different types of phishing attacks.

Let's start by understanding the types of phishing attacks:

Phishing

The closest analogy to “phishing” is “fishing”: in real life, to catch a fish we use bait such as worms, wait for a fish to bite and then pull the rod. In the same way, in the online world the scammer sends a fake email, message, QR code or work email to many people, hoping that someone will actually click and fall into the trap. They are trying their luck.

How to protect against phishing:

Remember, phishing only works when you take the bait. Pause and verify before you take any action such as clicking links, entering personal information or making payments.

Spear Phishing

Spear phishing is targeted at a particular individual. The attackers look at your online life and research you: where you work, your likes (books, cooking, etc.), and they come up with a well-crafted scam personalised just for you, hoping that you will click on their link.

How to protect against Spear Phishing:

1. Check the email address:

Always check the “from” address. There will be small changes in the email ID, such as a letter misplaced or a number added. Do these checks especially when the email appears to come from a known source like a bank, or from an unknown person.

2. Verify requests manually:

Always call or speak in person before approving money transfers or sharing sensitive data.

3. Avoid clicking on links or opening attachments in an unexpected email or message, as they may be malicious.

4. Use MFA (multi-factor authentication):

Even if scammers manage to steal your password, MFA stops them from getting into the email account, because there is one more step of verification.

Whaling

Whaling is targeted at high-profile individuals: CEOs, executives, government officials, etc. In regular phishing, scammers go after anyone; in whaling they target high-profile individuals. The scammers study these individuals carefully, researching their job roles, the organisations they work for, their social media and the events they attend. Based on this research, the scammer crafts a highly personalised email, text or message that looks legitimate, such as one appearing to come from the organiser of a conference, or from a colleague in the office asking them to approve an invoice, making it as realistic as possible or tailored to something that interests them, and sends it to these high-profile individuals.

How to protect against Whaling:

1. Check the email address:

Always check the “from” address. There will be small changes in the email ID, such as a letter misplaced or a number added. Do these checks especially when the email appears to come from a known source like a bank, or from an unknown person.

2. Verify requests manually:

Always call or speak in person before approving money transfers or sharing sensitive data.

3. Use MFA (multi-factor authentication):

Even if scammers manage to steal your password, MFA stops them from getting into the email account, because there is one more step of verification.
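The “check the from address” step in both the spear-phishing and whaling lists can be turned into a small, repeatable check instead of relying on the eye alone. The script below is an added example and is not code from this post: it pulls the real address out of a From: header (ignoring the display name), folds common digit-for-letter swaps, and flags domains that are one character away from a domain you actually trust. The trusted-domain list, the confusable-character table and the sample headers are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed list of domains this reader actually does business with (constructed).
TRUSTED_DOMAINS = ("examplebank.com", "example-corp.com")

# Digit/letter swaps commonly used to imitate a real domain (constructed table).
CONFUSABLES = (("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w"))

# Constructed sample From: headers, as a mail client would show them.
SAMPLE_FROM_HEADERS = [
    "Example Bank <alerts@examplebank.com>",
    "Example Bank <alerts@examp1ebank.com>",       # 'l' replaced by the digit '1'
    "Accounts <invoices@examlpebank.com>",         # two letters transposed
    "CEO <ceo@example-corp.co>",                   # last letter of the TLD dropped
    "Newsletter <news@totally-unrelated.example>",
]


def extract_domain(from_header):
    """Return the domain of the address the mail really comes from,
    ignoring the free-text display name in front of it."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header
    return addr.strip().rsplit("@", 1)[-1].lower()


def fold_confusables(domain):
    """Map look-alike digits and letter pairs to the letters they imitate."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def sender_verdict(from_header, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Return (verdict, matched_trusted_domain).

    'trusted'   - exact match with a known domain
    'lookalike' - differs from a known domain only by a swapped digit or a
                  transposed/dropped character; treat as suspicious
    'unknown'   - not close to anything on the trusted list
    """
    domain = extract_domain(from_header)
    if domain in trusted:
        return "trusted", domain
    for known in trusted:
        if fold_confusables(domain) == fold_confusables(known):
            return "lookalike", known
        # One inserted, dropped or swapped character leaves the ratio close to 1.0
        if SequenceMatcher(None, domain, known).ratio() >= threshold:
            return "lookalike", known
    return "unknown", None


def triage(headers=SAMPLE_FROM_HEADERS):
    """Run the check over a batch of headers; returns {header: (verdict, match)}."""
    return {h: sender_verdict(h) for h in headers}


if __name__ == "__main__":
    for header, (verdict, match) in triage().items():
        note = f"  (resembles {match})" if verdict == "lookalike" else ""
        print(f"{verdict:9s} {header}{note}")
```

The similarity threshold is deliberately loose: a domain that is one edit away from a trusted one is the case the advice above warns about, and it is far cheaper to pick up the phone for a false positive than to approve a transfer for a false negative. The check only says “this looks like a domain you trust, but is not it”; it is a prompt to verify manually, not a replacement for doing so.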


Welcome! I’m Madhu, an IT professional with 12+ years of experience in information security. I help organizations build robust cybersecurity strategies to protect digital assets and strengthen third-party trust.


Join me as I explore cybersecurity trends, risk management, regulations, and practical security insights. Whether you’re an IT pro, business leader, or just curious, there’s something here for you!

Copyright @2025  All Right Reserved – Designed and Developed by Social Bee Media Pvt Ltd