What is Phishing and What are the Most Common Types?

“With 'phishing,' you are the one who gets hooked.”


Almost everyone has heard the term 'phishing,' but that doesn't necessarily mean everyone knows exactly what it means or what the potential dangers are. 


In this article, we aim to provide a clear picture of what phishing is and the different forms it can take.

Don't Get Hooked! What is Phishing?

Phishing is one of the most dangerous types of online fraud. Criminals try to steal your personal information, such as passwords, credit card numbers, and other sensitive data. They often do this by pretending to be a trusted person or institution, like a bank, a well-known website, or even a colleague.


A common example of phishing is an email that appears to be from your bank. This email might ask you to click on a link and enter your login details on a website that looks almost identical to your real bank's website. The moment you enter your details, they fall into the hands of criminals, who can then access your bank account and steal your money.

The 5 Most Common Types of Phishing

1. Email Spoofing


Email spoofing is a technique where the sender's email address is falsified to make it appear as if the email is from a trusted source, such as a well-known person or legitimate company. The aim is to trick recipients into clicking on malicious links or providing sensitive information. For example, an email might look like it’s from your boss, requesting that you forward a confidential document.


2. URL Phishing


Another common tactic is URL phishing, also known as link manipulation. Cybercriminals place a malicious link in an email, text message, or on a website, and make the link look trustworthy or recognizable. When users click on this link, they are taken to a fake website that imitates a site they know and trust. Here, they are asked to enter their login details or other personal information, which is then stolen by the criminals.


3. Clone Phishing

This technique involves copying (cloning) a legitimate email with an attachment or link. However, the cloned email will contain a malicious link disguised within the original content. This tricks the recipient into thinking it's a legitimate message from a trusted source like their bank, a social media platform, or even a colleague. In reality, clicking the link could take them to a rogue website designed to steal their personal information or download malware onto their device.




4. Invoice Scams

With invoice scams, victims receive a fake invoice by email. The invoice appears to come from a trusted supplier or service provider. It looks authentic and often contains the correct logos and information, except the payment details have been changed to an account belonging to the attacker. If the victim pays the invoice, the money goes directly to the scammer instead of the real supplier.


5. Catphishing Scams

Catphishing is a form of online scam in which someone assumes a false identity on social media or dating sites in order to enter into a relationship with the victim. The purpose can range from financial scams to obtaining personal information. The catphisher uses emotional manipulation to gain the victim's trust and convince them to transfer money or share sensitive data.




Protect Yourself Against Phishing and Related Scams

General Tips:

  • Be alert and skeptical: Don't click on links in emails, text messages, or social media posts without checking them first, even if they appear to come from a known sender. Always check the sender and URL before clicking a link.
  • Verify the source of the message: If you have any doubts about the authenticity of a message, go directly to the alleged sender's website or contact them through a trusted channel.
  • Don't share personal information: Never give out sensitive information such as passwords, credit card information, or banking details via email, text, or instant messaging. Legitimate companies will never ask for this information through these channels.
  • Use strong passwords: Use a unique and strong password for each online account. Avoid reusing passwords across multiple accounts and change them regularly.
  • Install antivirus software and keep it up to date: Antivirus software can help protect you from malware that may be inadvertently downloaded from phishing websites.
  • Too good to be true: If something seems too good to be true, it probably is. Be suspicious of offers that pressure you to act quickly or provide personal information.

Specific Tips:

1. Email Spoofing


  • Check the sender's email address: Ensure the email address matches the alleged sender's domain. Watch out for minor spelling errors or different domains (e.g., gmail.com instead of google.com).
  • Be careful with generic salutations: Phishing emails often use generic salutations such as "Dear customer" or "Dear user." Legitimate businesses usually address you by name.
  • Check for spelling and grammar mistakes: Phishing emails often contain spelling and grammar mistakes. Legitimate emails from professional organizations are usually error-free.


2. URL Phishing


  • Hover over links: Before clicking on a link, hover your mouse cursor over it to see the actual web address. The actual web address should match the website you expect to visit.
  • Look for https in the URL: Websites that handle sensitive information, such as banking details, always use https:// in the URL. A missing https:// is a warning sign, but its presence alone does not prove a site is genuine, because fake sites can use https:// too.
  • Enable browser security features: Most browsers offer security features like pop-up blockers and phishing filters. Make sure these features are enabled.


3. Clone Phishing


  • Be careful with attachments and links: Clone phishing emails often contain attachments or links that are malicious. Be extra careful with attachments or links in emails you've received before, even if they appear to be from a known sender.
  • Contact the sender: If you have any doubts about the authenticity of an email, contact the alleged sender directly through a trusted channel to verify if they sent the email.


4. Invoice Scams


  • Pay close attention to the payment details. Verify that the account number listed for payment matches the one on record for the supplier or service provider.
  • Contact the sender: If you have any doubts about the authenticity of an invoice, reach out to the supplier or service provider through a trusted channel to verify its legitimacy.


5. Catphishing Scams


  • Remain cautious: Be on the lookout for people online who shower you with affection or try to rush into a relationship quickly. This could be a sign they're not who they say they are.
  • Do an online search for the name of the person you're talking to and see if there are any red flags. A Google Reverse Image Search can also be helpful to see if their profile picture appears elsewhere online.
  • Video calls: If you have doubts about the person's identity, suggest a video call or phone call. Seeing and speaking to someone can help you verify their identity.
  • Never share personal information such as your address, phone number or financial details with someone you have met online unless you are absolutely sure they are trustworthy.
  • Trust your instincts: If something feels off about the relationship, it probably is. End contact with anyone who makes you feel uncomfortable or suspicious.

Additional Tips:

  • Stay informed about the latest phishing scams to stay ahead of the criminals. Many websites and organizations provide updates on the latest phishing tactics. Subscribe to their newsletters or visit their websites regularly to stay informed.
  • Report phishing attacks! If you encounter a suspicious email, website, or message, report it to the relevant authorities. This helps protect yourself and others from falling victim to similar attacks.

Conclusion

Phishing remains a prevalent and evolving threat in online fraud. Criminals are constantly developing more sophisticated phishing tactics, making them harder to detect. However, by understanding the different forms of phishing, such as email spoofing, URL phishing, clone phishing, invoice scams, and catphishing, we can be better prepared to protect ourselves. 


Never click on links in emails or messages without verifying the source first. Never share your personal information unless you are absolutely certain of the recipient's legitimacy.


By recognizing their methods and staying vigilant, we can significantly reduce our risk of falling victim to these attacks.




Please note: The information in this article is for general information purposes and should not be relied upon as legal or professional advice. Always consult a qualified professional for advice regarding your specific situation.



Source:

https://www.dnsbelgium.be/nl/slim-online/12-soorten-phishing


Additional sources:

Phishing Info Net: https://www.phishing.org/

Federal Trade Commission: https://www.ftc.gov/

European Union Agency for Cybersecurity (ENISA): https://www.enisa.europa.eu/

Able bv, Joren De Breucker August 7, 2024
