• Products and Solutions
    • I.T. Support
    Partek 360 Managed I.T. Services
    Help Desk
    Projects and Consulting
    • Infrastructure
    Servers & Networking
    Business Continuity
    Business VOIP Solutions
    Wifi
    Managed Print Solutions
    • Cyber Security
    Ransomware Protection
    Managed Threat Response
    Email Security
    Endpoint Backup & Disaster Recovery
    • Cloud Solutions
    Microsoft 365
    SharePoint
    Private and Managed Cloud
    • Web
    Website Development
    Website Management
    Hosting and Security
    Email Marketing
  • Company
    We’re always up for a chat!
    Get in Touch
    • About us
    Meet the Team
    Careers
    Contact Us
    • Stories
    • Case Studies
    • Client Success Stories
    • Website Portfolio
    • Blog
    Latest Articles

    Topics

    • Cloud
    • Cyber Security
    • Email
    • Information Technology
    • Website Design
    • Wifi
    • Recent News
    Partek has achieved Sophos Gold Partner status! 🌟
    30Mar

    Partek has achieved Sophos Gold Partner status! 🌟

    What is Phishing?
    09Feb

    What is Phishing?

  • Contact
Support

What is Phishing?

  • Home
  • Archive
  • Cyber Security
  • What is Phishing?
Social Engineered Cyber Attacks
January 9, 2023
Partek has achieved Sophos Gold Partner status! 🌟
March 30, 2023
February 9, 2023
Categories
  • Cyber Security
  • Information Technology
  • News
Tags

What is Phishing?

“Phishing” can mean a handful of different things but generally encompasses all socially engineered email attacks, regardless of the specific malicious intent.


Here are a few of the other terms we use throughout this report and how we define them:

Bulk phishing:

High volume, indiscriminate, “commodity” attacks in which the same fraudulent email is sent to a large number of people within an organization. Although they are not tailored to the victim, they can be effective – if enough emails are sent, eventually someone will open one.

Phishing is like catching fish using a line — you cast your rod into the water and see what bites.

Example

Examples of bulk phishing attempts include emails relating to winning a prize, issues with the user’s account, or emails stating that a password has expired and needs to be changed.

This is an example of a “bulk” phishing email. It doesn’t address the target by name and doesn’t contain any personal information. But, because it appears to come from a trusted brand (Netflix) someone is likely to click the link.

Spear phishing:

Low volume, targeted attacks are sent to selected people within an organization. The cybercriminal has researched their target and uses personal information to tailor the attack. This type of phishing often sees more success, as an email containing personal information lowers the target’s guard, making them more likely to open a malicious link or file.

With spear phishing, you choose the fish you want and aim the spear right at it.

Example

These emails may include the victim’s name, or place of work, imitating a supplier or third-party technical support requiring the user to send their password for security purposes. 

A common example of a spear phishing email is a request to update or change banking information. The attacker has exploited a professional relationship to elicit feelings of urgency and trust — the threat actor, acting as the CEO, urgently needs a favour and requests an employee to pay an invoice to an unknown account. Of course, the  new account is actually controlled by the cyber criminal. 

Whaling:

Attacks against high-value targets, such as top executives. If successful, Whaling attacks can be devastating for a company, as an executive’s account often has a high-level access to the network along with employee and customer data.

Example

Threat actors may use a spear phishing attack to gain access to an employee’s email account, then use the employee’s account to phish an executive at the company. An executive has less reason to suspect a trusted email source, compared to an unknown individual.
In addition, a whaling email may indicate that the company is facing legal consequences and that the CEO must click on a fraudulent link to get more information. The link then takes them to a page where they are asked to enter critical data about the company, such as tax ID and bank account numbers.

Smishing:

Attacks that use mobile text messaging (SMS) as the main communication vector.

Example

A common example of a smishing attack is an SMS message that looks like it came from a trusted or familiar source. 

It tells you your account has been compromised and that you need to respond immediately. The attacker asks you to verify your credential or confidential information often though a malicious link. 

Vishing:

Attacks that use phone calls or voice messages to lure targets.

Example

These are often messages imitating a bank or technical support asking for account information for security purposes.

A common vishing attack includes a call from someone claiming to be a representative from a trusted or familiar source. This person informs you that they’ve detected a virus on your computer and then requests your credit card details or remote access to your computer. The attacker explains they will install an “updated version of anti-virus software” on your computer. In reality, the attacker now has your credit card information, in addition to likely having installed malware on your computer.

Share

Related posts

March 30, 2023

Partek has achieved Sophos Gold Partner status! 🌟


Read more
January 9, 2023

Social Engineered Cyber Attacks


Read more
December 5, 2022

Define your cybersecurity risk


Read more
November 29, 2022

Canadian food retail giant hit by ransomware


Read more

[email protected]
[email protected]

Medicine Hat

202 – 132 4th Ave SE
Medicine Hat, Alberta
T1A 8B5
(403) 488-3333

Swift Current

101 – 140 2 Avenue NW
Swift Current, Saskatchewan
S9H 0P2
(306) 437-0803

Get the latest from Partek

Email updates on the latest tech, cyber-security advice, best business practices, and Partek news.

  • Open a Support Request
  • Remote Support Portal
  • Make a Payment
  • Partek Client Portal
  • Careers
© 2023 Partek I.T. Solutions | All Rights Reserved | Privacy Policy