- Products and Solutions
- Company
- Recent News
High volume, indiscriminate, “commodity” attacks in which the same fraudulent email is sent to a large number of people within an organization. Although they are not tailored to the victim, they can be effective – if enough emails are sent, eventually someone will open one.
This is an example of a “bulk” phishing email. It doesn’t address the target by name and doesn’t contain any personal information. But, because it appears to come from a trusted brand (Netflix) someone is likely to click the link.
Low volume, targeted attacks are sent to selected people within an organization. The cybercriminal has researched their target and uses personal information to tailor the attack. This type of phishing often sees more success, as an email containing personal information lowers the target’s guard, making them more likely to open a malicious link or file.
A common example of a spear phishing email is a request to update or change banking information. The attacker has exploited a professional relationship to elicit feelings of urgency and trust — the threat actor, acting as the CEO, urgently needs a favour and requests an employee to pay an invoice to an unknown account. Of course, the new account is actually controlled by the cyber criminal.
A common example of a smishing attack is an SMS message that looks like it came from a trusted or familiar source.
A common vishing attack includes a call from someone claiming to be a representative from a trusted or familiar source. This person informs you that they’ve detected a virus on your computer and then requests your credit card details or remote access to your computer. The attacker explains they will install an “updated version of anti-virus software” on your computer. In reality, the attacker now has your credit card information, in addition to likely having installed malware on your computer.
