The digital world has certainly become the preferred playing field for scammers attempting to steal confidential information. Phishing on the internet comes in many forms, targeting the least suspecting and most vulnerable users. From misleading attacks by email to false login pages and fake phone calls, the cyberfraud landscape is constantly changing and advancing. For online protection, it is essential to be aware of and understand the various harmful tactics.
5 types of phishing
- Business email compromise (BEC)
Business email compromise (BEC) is a sophisticated form of cyberattack in which the scammers target the personnel of an organization to obtain confidential information or to carry out illegal transactions. By presenting themselves through one of the most commonly used business channels of communication, the attackers use social engineering to imitate authentic exchanges and mislead their recipients. Even if most employees are aware of the threat, identifying the clues to uncover the scams is becoming an ever more complex and counterintuitive task.
- Phishing by text
Unfortunately, phishing is not limited to fraudulent emails. Smishing is a text message scamming technique used by cybercriminals to trick the recipient into revealing confidential information or carrying out undesirable actions. With the growing use of mobile devices and multifactor authentication, most people receive numerous SMS messages a day asking them to validate their identity. Attackers simply have to imitate these messages to confirm a fake login, which then gives them control of the victim’s account.
- QR code phishing
Restaurant menus, business cards, product packaging… QR codes are now in widespread use. This type of phishing is an emerging scamming technique in which the fraudsters manipulate QR codes to redirect users to fake sites with the intention of stealing personal data. Because it is quite difficult to recognize an illicit URL when scanning a code, a victim is tricked without realizing the threat.
- Voice phishing
Voice phishing or “vishing” involves making automated or manual telephone calls to entice individuals into providing critical information such as banking details or personal identifiers. Scammers use social engineering techniques to trick victims and access their confidential data. This relatively new way of operating took off during the pandemic and continues to prevail.
- HTTPS phishing
Usually, the presence of “HTTPS” before the URL of a website, accompanied by a padlock icon, certifies that its activity is encrypted and, therefore, secure. Because there is no authority regulating this type of recognition, IT hackers can easily register a site with an approved SSL certificate. HTTPS phishing is a form of cyberfraud in which the scammers create malevolent web pages with fake HTTPS certificates that appear legitimate. Users are misled into sharing their personal information, thinking they are interacting with a secure entity, and thereby compromise their privacy and online protection.
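Because a padlock or a scanned QR code says nothing about who operates the destination, a link can be checked against the hosts an organisation actually uses. The following is an added example, not part of the original article; the trusted host list, the finding labels and the sample links are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a list of hosts the organisation really uses (constructed placeholder).
TRUSTED_HOSTS = {"bank.example"}


def is_trusted(host, trusted=TRUSTED_HOSTS):
    """True only for a trusted host or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def assess_url(url, trusted=TRUSTED_HOSTS):
    """Return warning labels for a link taken from an email, SMS or QR code."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        # Text before "@" is not the host, even if it looks like a domain.
        findings.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")
    if not is_trusted(host, trusted):
        # A valid certificate and padlock do not change this result.
        findings.append("untrusted-host")
        if any(t in host for t in trusted):
            findings.append("trusted-name-embedded")
    return findings


# Constructed sample links, using reserved example/test names and addresses.
SAMPLES = [
    "https://login.bank.example/",
    "http://bank.example/login",
    "https://bank.example.secure-login.test/login",
    "https://bank.example@192.0.2.10/login",
    "https://xn--bnk-6ma.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", assess_url(link) or "no findings")
```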
In conclusion, no one is immune to a cyberattack. Vigilance continues to be the key to countering the various types of phishing that proliferate on the internet. Understanding the sophisticated tactics used by scammers and maintaining a sceptical attitude towards online communications remain essential. Increased awareness, using reliable security software and training in how to recognize indicators of suspicious activity are crucial elements to strengthening digital defence. By adopting a proactive approach, it is possible to reduce the risks of a security breach and protect the integrity of personal information online.