Different Types of Phishing Attacks

07 December, 2023 

With the advancement of technology, cybercriminals have also improved their techniques to exploit and trick innocent people into sharing sensitive information. One such tactic is phishing attacks. Cybercriminals can use strategies that most people are unaware of to commit fraud.

However, if you are informed of the ways that can be used to defraud you, you can stay safe and avoid becoming a victim of these attacks. Let us understand phishing attacks.

What is a phishing attack?

A phishing attack is a cybercrime that involves manipulating people into providing confidential information, such as usernames, passwords, Credit Card details, confidential banking information or personal data. These attacks make fraudulent communication appear legitimate.

Attackers often use techniques that manipulate your emotions or curiosity. This results in the loss of money and crucial information that can be used against you.

Types of phishing attacks

1. Email phishing: It is one of the most common types of phishing attacks. Attackers send mass emails, pretending to be from reputable organisations. They urge you to click on a malicious link or download a harmful attachment.
   
   

2. Spear phishing: Unlike email phishing, spear phishing is a highly targeted cyber attack. Cybercriminals prepare messages for specific individuals. They use personal information taken from social media.
   
   

3. Whaling: As the name suggests, whaling involves targeting big fish. This form of phishing targets high-profile individuals like executives or public figures. Attackers create sophisticated emails that appear as legal documents, invoices or confidential communications. This tricks victims into sharing sensitive information or transferring funds. The information can even be used to blackmail the victim or cause financial damage.
   
   

4. Smishing and vishing: Smishing involves phishing via SMS or text messages. Vishing uses voice calls. In both cases, you receive messages or calls that appear to be from legitimate sources, instructing you to provide sensitive data.
   
   

5. Angler phishing: This attack targets individuals who seek customer support on social media platforms. Attackers create fake customer service accounts and clone websites, posts and tweets to respond to public complaints. They provide links to malicious sites that appear to be legitimate.
   
   

6. Clone phishing: In this attack, cybercriminals duplicate legitimate communication such as emails or websites. They make slight alterations to trick you into believing they are genuine. You might receive an email that appears to be from a service you use. It might ask you to click a link and update your credentials.
   
   

7. Pharming: Pharming is a type of phishing attack that involves manipulating your DNS settings or using malware to redirect you to fraudulent websites, even if you enter the correct URL. It is a highly sophisticated phishing technique and very hard to detect.
   
   

8. HTTPS phishing: Attackers create fake websites with HTTPS (secure) URLs to manipulate you into thinking you are on a safe site. The notion is that most users think that HTTPS is a safe website. These URLs can be obtained with free SSL certificates, making it challenging to distinguish real from fake.
   
   

9. Pop-up phishing: Cybercriminals exploit pop-up windows on websites to trick you into providing sensitive data. You might encounter a pop-up claiming you have won a prize and are asked to enter personal details to claim it.
   
   

10. Evil twin phishing: Using common WiFi networks, attackers create fake WiFi access points with names similar to legitimate ones. Unsuspecting users connect to these fake networks, allowing hackers to intercept sensitive data.
    
    

How to protect yourself from phishing?

1. Enable spam filters to reduce the chances of phishing emails reaching your inbox.
   
   
2. Delete suspicious emails without clicking on any links.
   
   
3. Report phishing attempts to your email provider or relevant authorities.
   
   
4. Be cautious about sharing personal, financial or login details.
   
   
5. Avoid using public WiFi for sensitive tasks as it's less secure.
   
   

HDFC Bank’s Vigil Aunty is well-equipped to educate people against these types of attacks. She can guide you in case you fall prey to such attacks. In an era of advanced cyber threats, knowledge and caution remain shields against phishing attacks


​​​​​​​*Terms and conditions apply. The information provided in this article is generic in nature and for informational purposes only. It is not a substitute for specific advice in your own circumstances.