Phishing is a method of cyberattack used by hackers to gain access to your personal information. It is the most common start/warning sign of a ransomware attack.
Phishing attacks can occur via email, mobile, social media, and phone calls. In each case, the attacker aims to get access to sensitive information by falsifying messages that look like they are coming from reliable sources.
5 common types of phishing attacks to be on the watch for:
1. Mass Campaigns: Wide-net phishing emails are sent to mass numbers of people from a corporate entity they are impersonating or have cracked into. These emails typically seek to obtain your personal credentials or credit card numbers.
2. Spear Phishing: Targets a specific organization or person with tailored and/or personalized phishing emails.
3. Whaling: Spear-phishing attacks directed specifically at the senior executives of a company and/or other high-profile targets to gain access to that company’s platforms, credentials, or financial information.
4. Clone Phishing: The attacker copies a legitimate email message sent from a trusted organization and replaces a link within that email that redirects the user to a malicious website.
5. Pretexting: This is when an attacker tries to boost your trust in them by using a non-email channel such as a text message first to set up the expectation that they’ll be sending something important to you shortly via email. The email you receive then contains malicious links.
It can be difficult to tell what is legitimate online today. Users need to be more vigilant than ever before.
- 90% of all data breaches are linked to phishing attacks. (Cisco)
- 96% of all phishing attacks use email, 3% come from malicious websites, and 1% from phones. (Tessian)
- Phishing attacks were 11% more frequent in 2021 than in 2020. (Verizon)
- More than 80% of reported cyber incidents are tied to phishing attacks. (Forbes)
- Phishing is the second most expensive cause of all data breaches. (Tessian)
- LinkedIn phishing messages make up 47% of social media phishing attempts (Swiss Cyber Institute)