Phishing: What Is It and How Many Types Are There

 

In this article, we are going to continue talking about one of the most common types of cyberattack: phishing.

Phishing is a set of techniques that aim to deceive a victim and gain their confidence by impersonating a trusted person, company or service (impersonation of a trusted third party), to manipulate them and make them perform actions they should not perform (revealing confidential information or clicking on a link). El suplantador se llama a phisher.

Types of phishing

Email phishing

Most of these phishing messages are sent via spam. They are not personalized or targeted at a specific person or company. Their content varies depending on the phisher’s target. Common phishing targets include banks and financial services, email and cloud productivity providers, and streaming services.

Voice phishing

Voice phishing is the use of the telephone to carry out attacks. Attackers use VoIP (Voice over IP) technology to make numerous fraudulent calls cheaply or free of charge to obtain codes, passwords or bank details from the victim, who is often unsuspecting.

SMS Phishing

SMS phishing Smishing is a form of phishing in which mobile phones are used as the attack platform. Smishing attacks typically invite the user to click on a link, call a phone number, or contact an email address provided by the attacker via an SMS message. The criminal carries out the attack with an attempt to obtain personal information, including credit card or social security numbers.

Page hijacking

It is achieved by creating an illegitimate copy of a popular website, but when visitors log on, they are redirected to another website.

Calendar phishing

Calendar phishing is when phishing links are delivered via calendar invitations. Calendar invitations that are sent are, by default, automatically added to many calendars.

The proliferation of phishing makes it an obligation for organizations to protect themselves with awareness, education, and evaluation strategies for employees and internal cybersecurity tools, but also the protection of their clients with proactive strategies for detecting phishing and corporate identity impersonation on social networks and public forums.