How to Detect a Phishing: Attack Types, Real Life Examples
Security for Everyone
Top 22 Methods to Detect a Phishing: Attack Types, Real Life Examples
Google was reported to block around 100 million phishing emails each day. The variety and sophistication of phishing attacks have increased. Attackers have been sending more emails in their campaigns, with a notable rise in the sophistication of these threats. Approximately 96% of organizations reported experiencing at least one phishing attack in the previous year. Phishing has also become a primary delivery method for ransomware, underlining the close link between these types of cyber threats [1].
Phishing attacks are widely used by cyber attackers because they require little knowledge to carry out and do not depend on any vulnerability in the target systems.
What is a Phishing Attack?
A phishing attack is a type of fraud that aims to persuade users to provide personal information, especially identity and financial information, usually through a fake email, message or website. [2]
Most used phishing attack methods
Phishing attacks are cyber attacks that aim to steal sensitive information from victims, often using social engineering tactics. Here are the most common types of phishing attacks [3]:
- Typosquatting: Creating fake websites using similar domain names by taking advantage of users' typos.
- Whaling: A subtype of spear phishing that targets senior executives.
- Smishing (SMS Phishing): Phishing via SMS messages.
- Vishing (Voice Phishing): Phishing carried out through phone calls.
- Pharming: Redirecting DNS queries to a malicious site to deceive users.
- Spear Phishing: More personalized email phishing targeting specific individuals or organizations.
- Business Email Compromise (BEC): Hijacking and fraud of business email accounts.
- Watering Hole Phishing: Placing malware on trusted sites frequented by a specific group or organization.
- Email Phishing: General email phishing targets individuals through deceptive emails.
- Angler Phishing: Phishing via social media disguised as a customer service representative.
- Website Spoofing: Creating fake copies of legitimate websites to deceive users.
- Social Media Phishing: Phishing attacks carried out through social media platforms.
- Clone Phishing: Re-sending an email containing a malicious link or attachment by creating a copy of a real message.
- Search Engine Phishing: Leverages search engine results to direct users to deceptive web pages.
- Interview Phishing: Targets job seekers to obtain information about the target organization under the guise of a job interview.
- Pop-Up Phishing: Uses deceptive pop-ups that, when clicked, can download malware or redirect users to malicious sites.
- Image-Based Phishing: Uses images that contain malicious links or are designed to deceive users.
- HTTPS Phishing: Uses URLs that appear to be safe, but redirect to malicious websites.
- DNS Spoofing: Phishing by redirecting DNS queries to a malicious site.
- Email Spoofing: Fraudulent change of the sender's email address to appear as someone the recipient knows.
- Man-in-the-Middle (MITM) Phishing: Interrupting the communication flow and seizing data exchange between two parties.
- Evil Twin Phishing: Phishing via malicious Wi-Fi hotspots.
3 Sample Real-Life Phishing Scenarios
In a sophisticated cybercrime case investigated by Dubai, AI voice cloning was used to deceive a branch manager into transferring $35 million, believing he was speaking with the director of his company. This heist, involving at least 17 individuals and international transfers, underscores the growing threat of deep fake technology in financial fraud [4].
Pepco Group, the European retailer operating the Pepco, Poundland, and Dealz brands, lost €15.5 million due to a sophisticated phishing attack on its Hungarian business. The attack's nature suggests it might involve business email compromise (BEC), and despite ongoing efforts with banking partners and police, it's uncertain if the lost funds can be recovered [5].
A global scam targeting WhatsApp users with fake job offers has defrauded people out of an estimated €100 million. Victims received phishing messages impersonating reputable firms, promising lucrative jobs paid in cryptocurrency, leading to significant financial losses and highlighting the dangers of sophisticated online scams [6].
Types of Phishing Attacks That Have Their Own Names
Named phishing attack types are cyber attacks that are named after their specific targets or methods and aim to leak information, usually using phishing tactics. Here are some:

| # | Name | Method | Target | Description |
|---|---|---|---|---|
| 1 | Typosquatting | Fake websites | General public | Exploits users making typographical errors when entering a website address to redirect them to malicious sites. |
| 2 | Whaling | Customized emails | High-profile individuals | Targets high-profile executives with personalized phishing attacks to steal sensitive information. |
| 3 | Smishing | SMS messages | General public | Uses deceptive text messages to trick individuals into visiting malicious sites or divulging personal information. |
| 4 | Vishing | Phone calls | General public | Involves phone calls to deceive individuals into giving out personal or financial information. |
| 5 | Pharming | DNS poisoning | General public | Redirects users to fraudulent websites without their knowledge to steal personal information, usually through DNS hijacking. |
| 6 | Spear Phishing | Customized emails | Specific individuals or organizations | Involves highly personalized emails to trick specific individuals or organizations into revealing sensitive information. |
| 7 | Business Email Compromise (BEC) | Fake or compromised email accounts | Companies, high-ranking officials | Attempts to deceive employees into making financial transactions or revealing sensitive information by impersonating company officials or using compromised email accounts. |
| 8 | Watering Hole Phishing | Malicious software on trusted sites | Specific groups or organizations | Placing malicious software on websites frequented by the target group or organization. |
| 9 | Email Phishing | Deceptive emails | General public | General phishing attacks using deceptive emails to target individuals. |
| 10 | Angler Phishing | Impersonating customer service on social media | Social media users | Phishing on social media by impersonating customer service representatives. |
| 11 | Website Spoofing | Fake copies of legitimate websites | General public | Creating fake copies of legitimate websites to deceive users. |
| 12 | Social Media Phishing | Attacks through social media platforms | Social media users | Phishing attacks carried out through social media platforms. |
| 13 | Clone Phishing | Altered copies of legitimate messages | Email users | Sending altered copies of legitimate messages with malicious links or attachments. |
| 14 | Search Engine Phishing | Misleading search engine results | Search engine users | Using misleading search engine results to direct users to deceptive web pages. |
| 15 | Interview Phishing | Job interview scams | Job seekers | Targeting job seekers with fake interviews to gather information about the target organization. |
| 16 | Pop-Up Phishing | Deceptive pop-up ads | General public | Using deceptive pop-up ads that may download malware or redirect to malicious sites upon clicking. |
| 17 | Image-Based Phishing | Malicious images | General public | Using images containing malicious links or designed to deceive users. |
| 18 | HTTPS Phishing | Misleading secure URLs | General public | Using URLs that appear secure but lead to malicious sites. |
| 19 | DNS Spoofing | Redirecting DNS queries | General public | Redirecting DNS queries to malicious sites. |
| 20 | Email Spoofing | Altering sender email addresses | Email users | Altering sender email addresses to appear as someone the recipient knows. |
| 21 | Man-in-the-Middle (MITM) Phishing | Intercepting data exchange | Any communication party | Intercepting the exchange of data between two parties to steal information. |
| 22 | Evil Twin Phishing | Malicious Wi-Fi hotspots | Wi-Fi users | Creating malicious Wi-Fi hotspots to intercept data from connected users. |

22 Methods To Detect Various Types Of Phishing Attacks
Since phishing attack techniques are very diverse, the way to detect each technique and the action to take once it is detected differ. The table below explains how to detect each attack type and the precautions to take when it is detected.

| Attack Type | How to Detect | Countermeasures |
|---|---|---|
| Typosquatting | Unexpected or strange URL structures. | Use bookmarks, verify URLs. |
| Whaling | Unusual requests for sensitive information. | Secondary verification, executive training. |
| Smishing | Unsolicited SMS messages with links. | Don’t click links, verify sender. |
| Vishing [7] | Suspicious phone requests for personal info. | Hang up and call back using an official number. |
| Pharming | Misdirection to an unexpected website. | Use HTTPS, update security software. |
| Spear Phishing | Highly personalized but unsolicited emails. | Use email filters, verify unusual emails. |
| Business Email Compromise (BEC) | Unexpected email requests for financial transactions. | Two-factor authentication, verify requests. |
| Watering Hole Phishing | Trusted sites behaving oddly or requesting downloads. | Keep software updated, use network security tools. |
| Email Phishing [8] | Generic greetings, spelling errors, or suspicious links. | Don't click on links/attachments, use spam filters. |
| Angler Phishing | Customer service requests over social media. | Contact company directly, limit online personal info. |
| Website Spoofing [9] | Websites that look slightly off or have strange URLs. | Check for HTTPS and URL legitimacy. |
| Social Media Phishing | Unsolicited messages or friend requests on social media. | Adjust privacy settings, verify messages. |
| Clone Phishing | Emails that seem to be resendings of previous messages. | Verify email changes, be cautious of resends. |
| Search Engine Phishing | Too-good-to-be-true offers or deals in search results. | Use reputable search engines, verify deals. |
| Interview Phishing | Job offers or interviews that ask for personal info. | Verify company and role, avoid upfront personal info. |
| Pop-Up Phishing | Unexpected or aggressive pop-ups asking for information. | Use pop-up blockers, never input info into pop-ups. |
| Image-Based Phishing | Links or calls to action within images. | Avoid unsolicited images, disable image auto-load. |
| HTTPS Phishing | Use of HTTPS in the URL to appear trustworthy. | Be skeptical of secure URLs, verify website authenticity. |
| DNS Spoofing | Unusual web behavior or redirection. | Use secure networks, be wary of DNS changes. |
| Email Spoofing | Mismatch between the sender's name and email address. | Check email address carefully, use email security features. |
| Man-in-the-Middle (MITM) Phishing | Unexpected interruptions during transactions. | Secure communications, use encryption. |
| Evil Twin Phishing | Wi-Fi networks that resemble legitimate ones. | Avoid public Wi-Fi, verify network authenticity. |

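
The "Typosquatting" and "Email Spoofing" rows above describe checks that a mail filter can run on the headers of received messages. The Python sketch below is an added example, not part of the original article. The trusted-domain list, the edit-distance threshold of 2, the extra Reply-To comparison and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Assumption: the organization's own and partner domains (constructed values).
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message: str) -> list[str]:
    """Return findings for the sender headers of one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    # Email spoofing row: display name shows one address, header carries another.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != address.lower():
        findings.append("display-name-address-mismatch")
    # Typosquatting row: domain is near, but not equal to, a trusted domain.
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if edit_distance(domain, trusted) <= 2:
                findings.append(f"lookalike-of:{trusted}")
    # Assumed extra check: replies routed to a different domain than the sender.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-domain-differs")
    return findings

# Constructed sample messages (not taken from a real campaign).
SAMPLES = {
    "legit": "From: Billing <billing@example.com>\nSubject: Invoice\n\nHi",
    "spoof": 'From: "ceo@example.com" <ceo@mail-relay.test>\nSubject: Urgent\n\nPay',
    "typo": "From: Support <help@examp1e.com>\nReply-To: x@other.test\nSubject: Reset\n\nHi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

Findings like these are signals for quarantine or manual review rather than proof of phishing, since a legitimate sender can also use a mailing service with a different Reply-To domain.
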
Top 14 Methods to Minimize the Risk of Phishing Attacks
Precautions to be taken to protect against phishing attacks are listed below.
- Use Updated Security Software and Firewalls: Install and keep your security software, firewalls, and network protections up to date to defend against malware and other threats.
- Implement Multi-Factor Authentication (MFA): Use Multi-Factor Authentication (MFA) wherever possible to add an extra layer of security to your accounts, making it more difficult for attackers to gain unauthorized access.
- Regularly Update All Software: Ensure all software, including operating systems and applications, is kept up to date with the latest security patches and updates.
- Educate Your Employees: Stay informed about the latest phishing techniques and educate employees, friends, and family on how to recognize phishing attempts.
- Use Reputable Search Engines and Verify Websites: Always verify the authenticity of websites, especially before entering sensitive information, and use reputable search engines for your searches.
- Adjust Privacy Settings on Social Media: Be cautious of unsolicited contacts by adjusting your privacy settings to limit who can view your information and contact you.
- Verify Requests Through Secondary Channels: Do not rely solely on email or phone; verify significant requests, especially those involving financial transactions or sensitive information, through secondary channels.
- Use Secure and Encrypted Communications: For sensitive transactions, ensure that communications are secure and encrypted to prevent interception by attackers.
- Be Skeptical of Unsolicited Requests: Approach unsolicited requests for information with skepticism, whether they come via email, phone, SMS, or social media.
- Regularly Monitor Accounts: Keep an eye on your financial and personal accounts regularly for any unusual activities or unauthorized transactions.
- Regularly Change Passwords: Make it a habit to change your passwords regularly and use strong, unique passwords for each of your accounts to prevent unauthorized access. [10]
- Use Anti-Malware Software: Deploy anti-malware solutions across your devices to detect and remove malicious software that might have been installed without your knowledge.
- Mail Security for Organizations: For organizations managing their email services, implement advanced mail security solutions that include spam filters, phishing detection, and email authentication protocols.
- Cloud Services Security: For organizations utilizing cloud services, ensure that cloud platforms and applications are configured securely, and utilize cloud security tools to monitor and protect data.
References
[1] https://aag-it.com/the-latest-phishing-statistics/
[2] https://www.cloudflare.com/learning/access-management/phishing-attack/
[3] https://www.upguard.com/blog/types-of-phishing-attacks#:~:text=Social%20Media%20Phishing,attacks%20to%20access%20sensitive%20data
[4] https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/?sh=5cb443947559
[5] https://www.helpnetsecurity.com/2024/02/28/pepco-phishing-bec-attack/
[6] https://www.euronews.com/next/2023/10/23/behind-the-global-scam-worth-an-estimated-100m-targeting-whatsapp-users-with-fake-job-offe
[7] https://securityforeveryone.com/blog/vishing-attacks-the-audio-face-of-social-engineering
[8] https://securityforeveryone.com/blog/the-hidden-threat-in-emails-ransomware
[9] https://securityforeveryone.com/blog/safe-internet-use-avoiding-harmful-websites
[10] https://securityforeveryone.com/blog/the-ultimate-guide-to-password-security