Phishing scams can range from email schemes targeting companies to cold calling individuals and preying on their vulnerabilities by claiming to offer some sort of help or solution. The objective is the same: stealing user details to gain access to sensitive information.
The main types are phishing, vishing, smishing, spear phishing, and whaling.
Phishing ranges from scamming a group of user accounts, such as sending a blast email to anyone who has a Walmart account, to contacting a particular individual with a direct email. Some attempts are more obvious than others. Depending on the type of phishing strategy, the attacker may spend more time on an individual target than on a group of users, usually because of the access that individual may have. Some attackers are so sophisticated that even the most careful and paranoid individual can fall victim to such a scam. Phishing attacks are the most common type of information security breach.
Vishing is similar to phishing: attackers have the same objective of stealing one’s personal or sensitive information, but the attack is carried out through a voice call, hence the `V` instead of the `Ph`. The most common case is a phone call from someone claiming to be a large company representative (Amazon, Apple, IRS, etc.), informing you that your account has been compromised or has some security risks, and that they need to verify it is you. The victim is asked to give their credit card details and to allow access to their computer, unknowingly installing software that could contain anything from malware to ransomware. This gives the attacker access to bank details and passwords, and can also block the victim from logging in to their own computer. This is a common case that many have fallen victim to.
Smishing uses the same tactics as vishing, except that instead of a voice call, a text message (also known as an SMS) is sent to your mobile phone, replacing the `V` with `Sm`. The attacker sends a text message claiming to be your bank, informing you of a breach to your account and directing you to click on a link in the message or to call a phone number to remedy the issue immediately. Once you follow the link or call the phone number, the attacker asks you to verify your bank account details by providing sensitive information such as your SSN. With this information, the attacker has access to your bank account.
Spear phishing is when an attacker targets a specific group or type of individuals such as a company’s accounting or HR department. For example, if you are going fishing you can catch any type of fish, but if you go spear fishing, you target specific fish with your spear. In this case, the victims are a targeted group.
Whaling is similar to spear phishing in that it targets a specific group, except it goes after the “big fish”. In other words, whaling targets big corporations or individuals who have access to big accounts, such as C-level individuals. The attack may come in the form of an email regarding a lawsuit. The email includes a link to another page that asks for sensitive information about the company, such as Tax ID numbers, bank account details, and other confidential information. So while a whale is not a fish, the target is bigger and the means to catch it are as well.
At Blue Light IT, we provide comprehensive cyber security training for you and your staff. Contact us today to learn more.