Types of Phishing Attacks

Categories: Best Practices Cyber Security Awareness Month Information Security

A cyberscammer will use a variety of tactics and ploys to disguise themself as trustworthy in an effort to gain access to information. As technologies evolve, so does the scammer’s ability to influence your decision about their trustworthiness. Phishing is a common attack method used by scammers.

There are different types of phishing attacks:

• Email phishing: an attacker masquerades as someone you may know or a company with whom you interact for business purposes. Hyperlinks are embedded in their message with the hope that you will click and be taken to a nefarious website.
• Malware phishing: An attachment is added to an email message that, when opened, will infect your computer with malware or a virus.
• Spear phishing: Customized email messages target specific individuals with malware-infected attachments or hyperlinks to malware-infected websites.
• Whaling: Similar to spear phishing, scammers use customized email messages that are purportedly sent from an executive to their direct contacts. Their hope is to attract executive level leadership into divulging important business information.
• Smishing: This is a form of phishing that uses text messages instead of email messages. While the communication medium may be different, the intent is the same: steal information from an individual.
• Vishing: Fraudulent call centers attempt to trick individuals into providing sensitive information over the phone.

Common Tactics:

• Skilled communication: the message, whether it is an email, text or voice, appears legitimate and is intended to manipulate the intended recipient.
• Perceived need: The intended victim feels the need to quickly act because of an urgent need.
• Trust: Scammers attempt to create trust with the intended victim by impersonating a trustworthy source.

What are the common errors that indicate the source cannot be trusted?

• The display name or email address does not match who they are purporting to impersonate.
• Typos
• The hyperlink does not match the link text.

If you feel you have become the victim of a phishing attack, please contact one of the IT Support Specialists in OSU Agriculture IT.

For more information:

• https://staysafeonline.org/
• https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
• https://www.techtarget.com/searchsecurity/definition/phishing
• https://www.microsoft.com/en-us/security/business/security-101/what-is-phishing