Phishing is a very umbrella term in cyberspace, with many sub-methods of doing so. Unfortunately, this blog would take hours to read if we covered them all, but we’ll cover the most common types to broaden your awareness.
Why do I need to know this?
As we all know, awareness is key in many situations other than phishing. However, many people might feel they don’t need to stay aware as they may be tech-savvy. Even if this might be the case, phishing scams are always evolving, especially through the exploitation of AI, which we’ve discussed in previous blogs.
A quick example would be typos. In the past, a reliable sign of a phishing email/website was spelling or grammar errors. However, scammers can now generate AI content in any language, perfectly, regardless of language barriers. This now means that while it still is a sign, fewer and fewer Phishing emails have obvious signs like that.
The takeaway here is that believing you can’t be scammed, only increases the chance of it happening. Anyone can be a target.
The Top 4 Most Common Phishing Attacks
Let’s go over the most common methods Phishing scammers will use, so you can hopefully spot it a mile away!
- Email Phishing- I’m sure we all know this method and have likely seen many of them in our Spam inbox. Email Phishing aims to mimic a legitimate company, under a fake domain. The email will typically attempt to invoke urgency or fear in the victim, so they’ll be more likely to fall for any fake link or attachment on the email, such as a “Log-in to your Bank account” button that’ll take you to a completely fake domain, and they’ll then unknowingly give it their bank details. A good sign to look out for here is that you can’t have a duplicate domain name. This means that if the Phishing email is attempting to imitate Amazon, for example, the domain name after the @ on the email address will not be Amazon’s Domain name. Another sign is that someone like your bank wouldn’t typically email you in an actual emergency, you’d likely get a call.
- Spear Phishing- Now this type of scam is the more elaborate version of Email Phishing. What sets this apart from Email Phishing is that a Spear email will contain some of your personal information in the email, to seem more legitimate. This could be your name, job or school depending on age. The advice I’d share here is that the same sign to look out for in Email Phishing (domain names in @) applies here too. Additionally, if you’re ever unsure about whether the email is legitimate, contact the company/organisation that the email is claiming to be first, on their official website or phone number, not on the email link.
- Angler Phishing- This method of scam is via social media, instead of the usual email or call. You may have seen it already, where a random account you don’t know starts following you, and then sends you a massive text about some ludicrous lie, like Celebrity impersonators that try to get money from followers of the official celeb accounts. The best thing to do here is to simply not accept friend requests from accounts you don’t recognise. Additionally, like website domains, no two usernames can be the same. So if “Amazon Support” suddenly decide to drop you a kind message, check their username first.
- Vishing- And last but not least, everyone’s favourite (most hated), the phone scam. Vishing is an incredibly common scam, as you may know. But what you might not know is how they’re advancing more and more every day, thanks to AI. I’ve sure had a few calls where it’s incredibly obvious I’m not speaking to a human. However, the more funded and advanced scammers will have invested in a voice AI that almost seems real, like Elevenlabs for example. This is especially dangerous toward the elderly on average, as they may not be aware of AI advancements. The danger here is that Vishing calls can be partly automated, and the victim pool targetted can be increased significantly. The best advice we can give you here, similar to Spear Phishing, is to hang up, contact the legitimate company through official means and enquire about the call.
Conclusion
On a cheery note, while Phishing advances, so do the cyber security measures that prevent it. Fortunately, many others in the tech space make content like this and spread awareness at a rate much higher than the past years too. As I said previously, awareness is key!
We hope you’ve liked this blog. Stay tuned for more awareness blogs like this. Stay safe!
