Phishing is the sending of email messages that appear to come from an institution or company the recipient conducts business with, such as a banking or financial institution, or a web service through which the recipient has an account. The goal of phishing is mainly financial gain: the attacker tries to trick the recipient into taking the attacker’s desired action, such as providing login credentials or other sensitive information. By using false websites and emails, attackers attempt to steal your personal data, most commonly passwords and credit card information.
Types of Phishing Attacks
Emails from:
Phishing attacks and spear phishing have much in common, including the shared goal of manipulating victims into exposing sensitive information. Spear phishing attacks differ from typical phishing attacks in that they are more targeted and personalized in order to increase chances of fooling recipients. Attackers will gather publicly available information on targets prior to launching a spear phishing attack and will use those personal details to impersonate targets’ friends, relatives, coworkers or other trusted contacts. Much of this information can be taken from targets’ profiles and/or activity on social media sites.
Vishing (voice + phishing) is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business and fools the victim into thinking he or she will profit. Some fraudsters will call your landline or mobile, pretending to be from your bank, building society, a government agency or someone you do business with.
Smishing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto a cellular phone or other mobile device. Smishing is short for "SMS phishing": it uses cell phone text messages to deliver the bait that induces people to divulge their personal information. Alternatively, attackers send you a text message that asks you to reply with your personal or banking details, or to call or text a premium-rate number they have created to run up a large bill.
Pretexting is a form of social engineering in which an individual lies to obtain privileged data. A pretext is a false motive. Pretexting can also be used to impersonate people. After establishing trust with the targeted individual, the pretexter might ask a series of questions designed to gather key individual identifiers, such as confirmation of the individual's social security number, mother's maiden name, place or date of birth, or account number. Pretexting often involves a scam where the pretexter pretends to need information in order to confirm the identity of the person they are talking to.
Baiting involves offering something enticing to an end user, in exchange for login information or private data. It relies on the curiosity or greed of the victim. Baiters may offer users free music or movie downloads, if they surrender their login credentials to a certain site. These attacks are not restricted to online schemes. Attackers can also focus on exploiting human curiosity via the use of physical media.