As phishing scams grow in frequency, intensity, sophistication and diversity, individuals and organizations of every size need to recognize the most innovative scams in order to protect themselves. The following are the six most commonly used phishing scams.
- Deceptive Phishing
Through email, the scammers impersonate a legitimate company to steal victims' personal information or login credentials. These emails usually contain threats or a sense of urgency to scare users into clicking a link, which ultimately leads to a fake website. Check the mail for grammar or spelling errors.
- Spear Phishing
In this scam, the scammers use the recipient's specific name, position, contact number, company or other information to convince the recipient that they have a connection with the sender of the message. The victim clicks on a malicious URL and hands over personal data. Social media sites such as LinkedIn are common sources for such phishing scams. A preventive measure is not to publish sensitive corporate information on social media.
- CEO Fraud or Whaling Attack
The scammers target a ‘big fish’ such as a top executive or even the CEO, mainly because such high-ranking executives often do not participate in security awareness training along with their employees. The scammer impersonates the executive and abuses the executive’s email to authorize fraudulent wire transfers to a financial institution of the scammer’s choice.
- Pharming
As a deviation from the traditional means of ‘baiting’, scammers resort to pharming, a method derived from Domain Name System (DNS) cache poisoning. The DNS is the Internet's naming system for converting alphabetical website names into numerical IP addresses in order to locate computers and services. The pharmer attacks a DNS server and changes the IP address associated with a website's name. In this way, the scammer redirects a user to a malicious website of the scammer’s choice, even if the victim enters the correct name of the website. As remedial measures, enter login credentials only on sites protected by HTTPS and use anti-virus software.
- Dropbox Phishing
Phishing scams are no longer limited to baiting victims. Instead, specialized means are adopted to craft emails around an individual company or service. Here the target is Dropbox, which millions of people use to access, back up and share their files. The phishing scammers entice users to enter their login credentials on a fake Dropbox sign-in page that is itself hosted on Dropbox. As a remedial measure, use two-step verification (2SV) on your accounts.
- Google Doc Phishing
Google Drive supports documents, photos, spreadsheets, presentations and even entire websites. Scammers abuse these services to create a webpage that resembles the Google account login and thus obtain users' credentials. As a remedial measure, users should enable two-step verification (2SV) to protect themselves from this threat. The second factor can be delivered by SMS message or by the Google Authenticator app.
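As an added example (not part of the original article), the following Python check looks for the deceptive-phishing signals described above and applies the HTTPS rule from the pharming section: link text that displays one domain while the href points to another, links that are not HTTPS, and urgency or threat phrasing. The sample email body and the urgency term list are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an HTML email body of the kind deceptive phishing uses.
SAMPLE_EMAIL = """
<p>Your account will be suspended within 24 hours unless you verify it.</p>
<p><a href="http://login-verify.example.net/acct">https://bank.example.com/login</a></p>
<p>Questions? Visit <a href="https://bank.example.com/help">our help page</a>.</p>
"""

# Constructed list of urgency/threat phrases typical of deceptive phishing.
URGENCY_TERMS = ("suspended", "within 24 hours", "immediately", "verify your account")

# Matches strings that look like a URL or bare domain (so "our help page" is ignored).
_URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(s):
    """Lowercase host of a URL-looking string, or '' if it does not look like one."""
    s = s.strip()
    if not _URLISH.match(s):
        return ""
    return (urlparse(s if "://" in s else "//" + s).hostname or "").lower()


def analyze_email(html):
    """Return findings: displayed/actual host mismatch, non-HTTPS links, urgency phrasing."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host, text_host = _host(href), _host(text)
        if text_host and href_host and text_host != href_host:
            findings.append(f"link text shows {text_host} but points to {href_host}")
        if urlparse(href).scheme == "http":
            findings.append(f"link is not HTTPS: {href}")
    lowered = html.lower()
    findings += [f"urgency/threat phrasing: '{t}'" for t in URGENCY_TERMS if t in lowered]
    return findings
```

Running `analyze_email(SAMPLE_EMAIL)` flags the mismatched link, the plain-HTTP link and the two urgency phrases, while the genuine help link produces no finding.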
As anti-phishing measures develop, scammers resort to ever more innovative techniques to stay a step ahead. Hence anti-phishing should be an ongoing process for security-conscious organizations.