Banking Operations and Services: Types of Phishing Attacks: 1. Deceptive Phishing
What is Phishing?
Phishing is a method of trying to gather personal information using deceptive
e-mails and websites.
Phishing is a cyber-attack that uses disguised email as a weapon. The goal is to
trick the email recipient into believing that the message is something they want
(for instance, a request from their bank or a note from someone in their company)
and to click a link or download an attachment.
Deceptive phishing is the most common type of phishing scam. In this ploy,
fraudsters impersonate a legitimate company to steal people’s personal data or
login credentials. Those emails use threats and a sense of urgency to scare users
into doing what the attackers want.
Techniques used in Deceptive Phishing:
2. SPEAR PHISHING
In this type of ploy, fraudsters customize their attack emails with the target’s
name, position, company, work phone number, and other information to trick
the recipient into believing that they have a connection with the sender. Yet the
goal is the same as deceptive phishing: get the victim to click on a
malicious URL or email attachment so that they’ll hand over their personal data.
Given the amount of information needed to craft a convincing attack attempt,
it’s no surprise that spear-phishing is commonplace on social media sites
like LinkedIn where attackers can use multiple data sources to craft a targeted
attack email.
Techniques used in Spear Phishing:
3. WHALING
Spear phishers can target anyone in an organization, even executives. That’s the
logic behind a “whaling” attack. In the event their attack proves successful,
fraudsters can choose to conduct CEO fraud. As the second phase of a business
email compromise (BEC) scam, CEO fraud is when attackers abuse the
compromised email account of a CEO or other high-ranking executive to authorize
fraudulent wire transfers to a financial institution of their choice. Alternatively,
they can leverage that same email account to conduct W-2 phishing in which they
request W-2 information for all employees so that they can file fake tax returns on
their behalf or post that data on the dark web.
Techniques used in Whaling:
Whaling attacks commonly make use of the same techniques as spear phishing
campaigns. Here are a few additional tactics that malicious actors could use:
4. VISHING
This type of phishing attack dispenses with sending out an email and goes for
placing a phone call instead. As noted by Comparitech, an attacker can perpetrate a
vishing campaign by setting up a Voice over Internet Protocol (VoIP) server to
mimic various entities in order to steal sensitive data and/or funds. The FBI
found that malicious actors used those tactics to step up their vishing efforts
and target remote workers in 2020.
Techniques used in Vishing:
5. SMISHING
Vishing isn’t the only type of phishing that digital fraudsters can perpetrate using a
phone. They can also conduct what’s known as smishing. This method leverages
malicious text messages to trick users into clicking on a malicious link or handing
over personal information.
Techniques used in Smishing:
Trigger the download of a malicious app: Attackers can use malicious
links to trigger the automatic download of malicious apps on victims’
mobile devices. Those apps could then deploy ransomware or enable
nefarious actors to remotely control their devices.
Link to data-stealing forms: Attackers could leverage a text message along
with deceptive phishing techniques to trick users into clicking a malicious
link. The campaign could then redirect them to a website designed to steal
their personal information.
Instruct the user to contact tech support: With this type of attack tactic,
malicious actors send out text messages that instruct recipients to contact a
number for customer support. The scammer will then masquerade as a
legitimate customer service representative and attempt to trick the victim
into handing over their personal data.
6. PHARMING
This method of phishing leverages cache poisoning against the domain name
system (DNS), a naming system which the Internet uses to convert alphabetical
website names, such as “www.microsoft.com,” to numerical IP addresses so that
it can locate and thereby direct visitors to computer services and devices.
In a DNS cache poisoning attack, a pharmer targets a DNS server and changes
the IP address associated with an alphabetical website name. That means an
attacker can redirect users to a malicious website of their choice. That’s the case
even if the victim enters the correct site name.
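A defender-side check for the redirection described above, as an added example that is not part of the original document: it compares the addresses a resolver returns for protected hostnames against the networks those names are expected to resolve into. The hostnames, resolver names and address ranges are constructed (documentation prefixes), and the function names are hypothetical.

```python
import ipaddress

# Constructed baseline: networks each protected hostname should resolve into.
# Pinning ranges rather than single IPs tolerates normal address rotation.
EXPECTED_NETWORKS = {
    "bank.example": ["192.0.2.0/24"],
    "mail.example": ["198.51.100.0/25"],
}

# Constructed observations: (resolver, hostname queried, A records returned).
SAMPLE_ANSWERS = [
    ("office-resolver", "bank.example", ["192.0.2.10"]),
    ("office-resolver", "Mail.Example.", ["198.51.100.7"]),
    ("branch-resolver", "bank.example", ["203.0.113.66"]),
    ("branch-resolver", "mail.example", ["198.51.100.9", "198.51.100.200"]),
    ("branch-resolver", "other.example", ["203.0.113.5"]),
]


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def find_suspect_answers(answers, expected_networks):
    """Return (resolver, hostname, address, reason) for each answer that
    falls outside the networks pinned for that hostname."""
    pinned = {normalize(host): [ipaddress.ip_network(n) for n in nets]
              for host, nets in expected_networks.items()}
    findings = []
    for resolver, hostname, addresses in answers:
        host = normalize(hostname)
        if host not in pinned:
            continue  # no baseline for this name, nothing to compare against
        for raw in addresses:
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((resolver, host, raw, "unparseable address"))
                continue
            if not any(addr in net for net in pinned[host]):
                findings.append((resolver, host, raw, "outside pinned networks"))
    return findings


def suspect_resolvers(findings):
    """Resolvers that returned at least one out-of-baseline answer."""
    return sorted({resolver for resolver, _, _, _ in findings})


if __name__ == "__main__":
    for finding in find_suspect_answers(SAMPLE_ANSWERS, EXPECTED_NETWORKS):
        print(finding)
```

A hit is a lead to investigate (the site may have legitimately moved), so the baseline needs an owner who updates it when hosting changes.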
Techniques used in Pharming: