Types of phishing and how to recognise them

02 December 2019

Phishing is a broad concept. Criminals can try to obtain private information from you in a number of different ways. Read below for more information on the most-used phishing methods.

Basic phising

Basic phishing is the standard method for acquiring private information in which the messenger pretends to be a reliable party. Basic phishing attacks generally have an exploratory nature and are aimed at a broad audience. More information about basic phishing can be found here: http://www.phishing.org/what-is-phishing

Spear phishing

Spear phishing is aimed at a specific group or organization with the goal of stealing valuable or confidential information. Phishing mails can include links to drive-by download and Word, PowerPoint or Excel attachments. More information on spear phishing can be found here: https://phishingbox.com/news/phishing-news/types-of-phishing-defined.  

Whaling

Whaling is aimed specifically at senior management or other high-ranking personnel in an organisation with access to valuable information. The personal details of these people are often easily accessible via social media. More information on whaling can be found here: https://phishingbox.com/news/phishing-news/types-of-phishing-defined

Clone phishing

Clone phishing makes use of a real (legitimate) email that has been cloned or altered and resent with, for instance, a malicious attachment. By ‘spoofing’ the email seems to be sent from the same email address as the cloned original, which leads the recipient to believe that the email is an update of a previous legitimate version. More information on clone phishing can be found here: https://phishingbox.com/news/phishing-news/types-of-phishing-defined.

Vishing

Vishing is aimed at procuring information via VoIP telephony. VoIP stands for ‘voice over IP’: calling via the internet. Hackers will call a victim and because it is VoIP, can manipulate the caller ID, so as to appear as a number from a legitimate organisation. Your bank would call you for instance, to reactive your banking account. More information about this can be found here: https://www.social-engineer.org/framework/attack-vectors/vishing/.

SMiShing

SMiShing is aimed at mobile phones an tries to obtain information via a URL or telephone number in a text message. The phone number often redirects to an automated voice response system, which urges you to take immediate action because of a certain problem. These messages appear to be from a bank or online store and they tell you that there is something wrong with your account. You will therefore be asked to check your account data. More information can be found on.

More about this topic