All types of Phishing attacks
Autor: Esteban SardanyésAt ESED, we know that we often talk about Phishing, and it might seem like an obsession, but it's because it's one of the most frequent and common cyberattacks due to its high level of effectiveness.
All types of Phishing attacks
Phishing via email
This is a cyberattack launched through email, impersonating large companies, organizations, or high-ranking individuals, such as CEOs. The goal is to make the message recipient believe it is genuine and prompt them to take a specific action. This can lead to the activation of the malware contained in the email.
Vishing
Unlike email-based phishing, the Vishing method is a bit different. While its purpose remains the same—obtaining confidential or sensitive information from a company to later demand a ransom—vishing operates through phone calls.
In this case, technologies like deepfake are used, as this is an improved and more sophisticated method, capable of perfectly imitating the voice of a high-ranking official, so that you do not doubt its authenticity.
Spear Phishing
Spear Phishing is not very different from email phishing, with the distinction that this time, the message is personalized—it's addressed exclusively to the recipient, including their name.
And what makes it special that it includes the victim's name? When something is personalized, there's a higher likelihood that it will be opened or attract more attention from the recipient.
Smishing
Smishing attacks are launched through SMS messages. Although almost no one uses this messaging method anymore, many companies, such as banks, use it to send notifications to their users.
Smishing involves sending a message impersonating the sender, who could be a well-known company, to get you to open a link and thus obtain your banking information.
Phishing based on malware
In this case, the cybercriminal sends an email that, unlike email phishing, where you have to open a link or download an infected file to activate the malware inside, the email itself is the malware.
QRishing
It involves QR codes maliciously modified. This way, when you scan this code with your mobile phone, it is automatically infected with the malware to which the QR code leads. This allows cybercriminals to access your data.
As mentioned earlier, the problem with phishing attacks is that they are very difficult to detect, especially if you lack cybersecurity knowledge. That's why, at ESED, we emphasize that awareness and training are the key to identifying these types of cyberattacks.
Did you know that the person most affected by phishing in a company is usually the CEO? Besides, the majority of malware entering a system is a result of human error.
For reasons like these, we have created ESED Training, a training program for your team to learn how to detect this type of threat before clicking or downloading something they shouldn't and infecting all your devices and operating systems.
Do you need help? You can contact us through the following link.