Chapter 1: Five types of phishing attack that can harm your business

When the European Union issued the General Data Protection Regulation in 2018, companies sent their customers emails regarding their updated privacy policy. Hackers took this as an opportunity to send out a phishing attack disguised as an email from wildly successful hospitality brokerage Airbnb. Such an underhanded tactic is not uncommon these days, so you need to be vigilant if you want to keep your data secure.

Phishing remains among the most common types of cyberattack, reportedly causing 32 percent of data breaches in 2018. In phishing, hackers distribute electronic communication (email, SMS, or social media messages) that either contains malicious software or is designed to obtain crucial information from recipients, such as login credentials or bank details.

There was a time when you could tell a phishing email apart from a harmless one by the former’s questionable grammar or poor spelling, but hackers have become craftier over the years. Not only have they found ways to make their messages more believable, but they have also diversified their phishing tactics and techniques.

#1. Phishing

The word is used as an umbrella term to refer to all types of phishing. What distinguishes it from the other types of phishing in this article is the number of its intended victims; it is an indiscriminate attack and is sent out to as many people as possible. If hackers can trick even just a small percentage of the recipients, they will have succeeded.

A general phishing email typically looks like it came from a reputable source. It contains a link to a fake or spoofed website that users have to log into using their email and password. In other cases, the email contains a downloadable attachment, which is usually malware.

#2. Spear phishing

Unlike regular phishing, spear phishing is a deliberate attack on a specific group or individual. To increase their chances of success, hackers personalize the experience. They pretend to be someone the recipient knows — such as a vendor, customer, or colleague — and pressure the victim into providing sensitive information, conducting monetary transactions, or downloading malware.

And it has consistently been proven effective! Imagine getting an urgent email from a trusted co-worker, telling you to send money on behalf of an important client, with the email even addressing you by your nickname as your colleagues would. Wouldn’t you be compelled to do as you’re told? Spear phishing is so effective that it accounts for approximately 95 percent of all phishing attacks on enterprise networks.

#3. Whale phishing

Also known as whaling, this method is similar to spear phishing but is aimed at an organization’s top brass. If successful, whaling can give hackers access to plenty of sensitive information and large amounts of money.

Most CEOs and executives are hesitant to disclose company-related information to just anybody, so whaling requires a lot of research and good timing. Hackers may use contextual attacks, such as legal or financial troubles and other issues the organization is facing at the moment, or specific topics discussed in a previous business meeting, to boost their odds of success.

#4. Business email compromise (BEC)

This is similar to whaling and spear phishing in that it targets a specific individual, but its sole purpose is to steal money. In BEC, hackers use spear phishing or whaling to gain access to the CEO’s or CFO’s business email. Once they’re in, they send an email to the person managing the company’s funds, telling them to make a bank transfer to a certain account. To ensure the recipient suspects nothing, the hackers imitate the specific ways their initial victims communicate through email.

What's worrying is that BEC is growing in popularity. In 2018, experts predicted that it would cause damages exceeding $9 billion. This is a huge increase from the $5.3 billion in damages incurred in 2017.

#5. Clone phishing

In clone phishing, scammers hack into an existing email and resend it to its original recipients. This resent message contains the same subject and email body, but is “updated” to indicate that the previous email was a mistake and that the cloned message is the correct one. The duplicate also contains a malicious link or attachment.
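
The clone pattern described above (same subject and body, a note that the earlier email was a mistake, and a changed link) can be checked for on the receiving side. The Python below is an added example, not part of the original article: it compares a new message with an earlier one and reports link hosts that appear only in the near-duplicate. The function names, the 0.7 similarity threshold, the sample messages and their domains are all assumptions made for illustration, and it handles single-part plain-text messages only.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+")
PREFIX_RE = re.compile(r"^\s*((re|fwd?|updated|corrected)\s*[:\-]\s*)+", re.I)

# Constructed sample messages (not real mail); all domains are placeholders.
ORIGINAL = """\
From: Billing <billing@vendor.example>
Subject: Invoice 1042 for March

Hello team,
Please find the March invoice at https://portal.vendor.example/invoices/1042
Payment is due within 30 days. Contact us with any questions.
Regards, Billing
"""
CLONE = """\
From: Billing <billing@vendor.example>
Subject: UPDATED: Invoice 1042 for March

Please disregard our previous email, this is the correct one.
Hello team,
Please find the March invoice at https://vendor-portal.example.net/invoices/1042
Payment is due within 30 days. Contact us with any questions.
Regards, Billing
"""

def _subject(msg):
    """Subject with reply/forward/"updated" prefixes stripped, lower-cased."""
    return PREFIX_RE.sub("", msg["Subject"] or "").strip().lower()

def _words(body):
    """Body words with URLs removed, so only the surrounding text is compared."""
    return URL_RE.sub("", body).lower().split()

def _hosts(body):
    """Hostnames of every http(s) link in the body."""
    return {urlsplit(u).hostname for u in URL_RE.findall(body)} - {None}

def new_link_hosts(earlier_raw, later_raw, threshold=0.7):
    """Return link hosts that appear only in the later message when it is a
    near-duplicate (same subject, similar body) of the earlier one; else []."""
    earlier, later = message_from_string(earlier_raw), message_from_string(later_raw)
    if _subject(earlier) != _subject(later):
        return []
    e_body, l_body = earlier.get_payload(), later.get_payload()
    ratio = SequenceMatcher(None, _words(e_body), _words(l_body), autojunk=False).ratio()
    return sorted(_hosts(l_body) - _hosts(e_body)) if ratio >= threshold else []
```

A non-empty result means a message that repeats an earlier one now points somewhere new, which is worth holding for review even when the sender address is unchanged.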

Phishing looks awfully simple and yet it continues to wreak havoc in different parts of the world. There is no doubt that it will become increasingly difficult to detect over time, so you need to design and implement cybersecurity protocols that all the members of your organization must follow.

Partnering with an organization with proven expertise in cybersecurity will also augment your data’s protection. For years, Zeta Sky has been helping companies secure their network from intruders and different types of cyberthreats 24/7. Boost your protection from phishing and other types of cyberattack by contacting us today!

Zeta Sky
