
The 8 Most Dangerous Types of Phishing Attacks

Phishing is one of the most common and costly cyberattacks. But there isn't just one type of phishing attack.

March 3, 2022

Phishing is one of the most common and devastating types of attacks in today’s cybersecurity landscape. The FBI’s IC3 Internet Crime Report found over 240,000 phishing attacks costing victims more than $54 million in 2020 alone. These numbers are poised to grow as forms of phishing attacks diversify to avoid detection.

There are various types of cyberattacks that qualify as phishing. Here we’ll cover some of the most common types of phishing attacks and how to stop them.

How Phishing Works

Phishing refers to a wide range of socially engineered cyberattacks. While delivery methods vary by the type of phishing attack, the basic tenets remain the same: cybercriminals try to trick victims into paying money, revealing sensitive information, or installing malware. They pose as legitimate businesses (like a bank), agencies (like the IRS), or even people the victim personally knows (like a manager at work).

Artificial urgency is a key component of phishing and a large part of what makes it such an effective attack. Phishing attempts often come with time-sensitive prompts like the following:

  • Manager needs an immediate wire transfer for an important invoice.

  • Trusted coworker sends you an urgent email which asks for login credentials.

  • Bank account closure due to insufficient balance.

  • Power and water shutoff because of a late utilities bill.

  • Friend or family member arrested or injured.

The urgency causes victims to act quickly, without noticing suspicious giveaways like dodgy URLs, misspellings, or fake email addresses.

These core characteristics are common across different examples of phishing attacks. But each type of phishing attack has unique attributes.

1. Email Phishing

Email phishing is the most common type of phishing. It’s a wide-ranging term for any email designed to trick you into turning over sensitive data, such as login credentials for a variety of sites. These emails usually impersonate legitimate senders like banks or well-known companies and ask for passwords, financial credentials, and personal info. In recent examples, Abnormal Security detected phishing attempts impersonating BB&T Bank and a university support team.


Abnormal Security detected this email phishing attempt, where attackers impersonated a university IT support team.

This attack led victims to a fake Microsoft account login page, where they would input their existing credentials, compromising their account. Phishing attacks are particularly devastating when they successfully compromise and take over an email account. It’s why so many email phishing attacks impersonate Microsoft or Google login pages.

2. Spear Phishing

Spear phishing is a highly targeted form of email phishing. Standard email phishing generally relies on non-personalized mass emails to numerous victims, while spear phishing focuses on personalized emails to a small number of targets. It requires considerably more research and preparation. For example, a spear phishing email may impersonate your employer or a person you know and trust like the CEO.

Abnormal Security detected a spear phishing attempt where attackers compromised an attorney’s email account, then used the account to target a high-profile client. They emailed the target an innocuous link to an RFP, which redirected to a malicious web page. The victims were more likely to click the link because they had previously worked with the sender, before the sender’s account was compromised.


Abnormal Security detected this spear phishing attempt, where attackers compromised the account of a trusted partner.

It’s important to note that spear phishing attacks can and do happen without using a compromised account as a pathway. However, a compromised account does make spear phishing attacks easier.

3. Vishing

Vishing is a term for voice phishing, and you’ve probably been on the receiving end of an attempt. It’s a type of phishing attack conducted via phone calls or voice messages, and the main goal is typically to steal a victim’s credit card number. It’s grown in popularity thanks in part to new tools like caller ID spoofing and VoIP. Vishing attacks come in many shapes and sizes, including:

  • IT support asking for your login credentials to an important platform.

  • The IRS threatening to arrest you for unpaid taxes.

  • An auto warranty company warning you that your warranty is about to expire.

  • A travel agency or hotel awarding you a free trip.

  • A debt relief or credit repair agency offering to help fix your financial situation.

4. Smishing

Smishing is a term for SMS phishing. It’s a type of phishing attack carried out entirely over text messages. Most smishing messages come with a harmful link that impersonates a legitimate website to steal your login credentials, or a prompt to download a malicious app.

5. Pharming

A pharming attack involves redirecting web traffic from a legitimate site to a malicious spoofed site. The fake site will often ask for login credentials, allowing cybercriminals to compromise an account. Users are usually directed to these fake sites by malware or DNS spoofing.

6. Whaling or CEO Fraud

Whaling and CEO fraud are spear phishing attacks that impersonate high-ranking executives. A cybercriminal will impersonate a CEO and then email employees, often asking them to pay a fake invoice, buy gift cards, or send sensitive data. These attacks usually come with a sense of urgency (a common theme in phishing attacks), and employees may overlook suspicious details because of the seniority of the impersonated sender.


An example of CEO fraud, where cyberattackers impersonate an executive and use urgency to trick employees.

7. Angler Phishing

Angler phishing attacks target social media users who post public complaints about a product, service, or company, most often a financial institution. Attackers will create a fake account posing as the company’s customer service and contact the complainer to offer assistance. They’ll ask for login information or send a link to a malicious website.

8. URL Phishing

URL phishing attacks use fake websites with URLs that look legitimate at first glance, but are designed to steal login credentials or install malware on your device. Phishing URLs are disguised with slight alterations such as:

  • .net instead of .com

  • Tricky misspellings like “Arnazon” instead of “Amazon” or “0” instead of “o”

  • An anchor text URL or button that doesn’t match the actual URL

Abnormal Security caught this URL phishing attempt, where attackers tried to steal Facebook credentials. The URL contains “facebook-support,” but the domain of this site is “appealing6608[.]xyz.”


A fake URL phishing attempt of a Facebook login page. Notice the fraudulent URL.
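The three disguises listed above can be checked mechanically. The following is an added example, not code from the original post or from Abnormal Security: it extracts the registrable domain of a link, undoes the “0 for o” and “rn for m” swaps, and compares link text against the real link target. The brand table is a constructed assumption, and registrable-domain extraction is deliberately simplified (no public-suffix list).

```python
"""Added example (not from the original post): flag look-alike phishing
URLs using the three disguises the section lists. The brand table is
constructed; domain extraction is simplified (no public-suffix list)."""
from urllib.parse import urlparse

# Constructed brand -> legitimate registrable domain table.
KNOWN_BRANDS = {"amazon": "amazon.com", "facebook": "facebook.com",
                "microsoft": "microsoft.com"}
# Character swaps the section mentions (0 for o, rn for m) plus two common ones.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def registrable_domain(url: str) -> str:
    """Last two host labels, e.g. 'appealing6608.xyz' for the Facebook lure."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def normalise(label: str) -> str:
    """Undo confusable swaps so 'arnaz0n' compares equal to 'amazon'."""
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label


def phishing_indicators(url: str, anchor_text: str = "") -> list[str]:
    """Return indicator tags for a link; an empty list means nothing fired."""
    hits = []
    host = (urlparse(url).hostname or "").lower()
    domain = registrable_domain(url)
    second_level = domain.split(".")[0]
    for brand, legit in KNOWN_BRANDS.items():
        if domain == legit:
            continue  # the brand's real site; nothing to flag for it
        if normalise(second_level) == brand:
            # Covers the .net-for-.com swap and misspellings like arnazon/amaz0n.
            hits.append(f"lookalike-domain:{domain}")
        elif brand in host:
            # Brand name sits in a subdomain of an unrelated registrable domain.
            hits.append(f"brand-outside-domain:{brand}@{domain}")
    shown = anchor_text.strip().lower()
    if "." in shown:  # link text that looks like a URL or domain
        shown_domain = registrable_domain(shown if "://" in shown else "http://" + shown)
        if shown_domain != domain:
            hits.append(f"anchor-mismatch:{shown_domain}!={domain}")
    return hits
```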

How to Stop Phishing Attacks

Since phishing relies on social engineering, it’s not easy to stop. Traditional cybersecurity measures often miss these more sophisticated and targeted types of phishing attacks, particularly when they are text-only and do not contain malicious links. Some ways to stop them from impacting your organization include:

  • Train your employees. Your security measures are only as strong as your end users. Make sure anyone with access to sensitive files and networks has adequate training on cybersecurity best practices.

  • Mandate strict password standards. Many types of phishing attacks use compromised accounts, so a single password leak can put you at risk. Make sure your organization’s password policies are up to date.

  • Implement API-based email security. Since email is the most common attack vector for phishing, implementing an email security product that detects and stops socially engineered attacks is a must. The right platform will use a combination of identity, behavior, relationship, and content signals to detect and block abnormal messages.

Abnormal Security vs. Phishing

We recognize that phishing is one of the costliest and most dangerous cyberattacks impacting businesses today. That’s why we designed our cloud email security platform to identify and block the phishing attacks that secure email gateways and native email security platforms miss.

Abnormal Security uses a behavioral AI model of every employee and vendor in your organization to identify suspicious signals in emails. These signals include:

  • Emails with display names that don’t match sender names

  • Credential requests

  • Urgent language

  • Requests for financial information and text message responses

  • Links with redirects

  • Suspicious attachments

Once a phishing attack is identified, we block all similar emails to protect your other end users.

When we detect that an account has been compromised, we automatically lock it to prevent unauthorized access. We detect account compromise and employee impersonation by looking at several signals, including:

  • Emails sent outside of normal work hours or from unusual login locations

  • Unusual IP addresses

  • Large BCC lists with new contacts

  • Changes to mail filter rules
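To make the two signal lists above concrete, here is an added example (not Abnormal’s code) that checks a single message for the display-name mismatch, urgent language, credential and financial requests, and the off-hours and large-BCC account-compromise hints. The employee directory, working-hours window, BCC threshold and sample message are all constructed.

```python
"""Added example (not Abnormal's code): check one message against the
impersonation and account-compromise signals listed above. The employee
directory, thresholds and sample messages are constructed."""
import re
from datetime import datetime
from email.utils import parseaddr

# Constructed directory of people an attacker might impersonate.
DIRECTORY = {"pat lee": "pat.lee@corp.example"}
URGENT = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|login|credentials|verify your account)\b", re.I)
FINANCE_OR_TEXT = re.compile(r"\b(wire|invoice|gift cards?|bank details|text me)\b", re.I)


def message_signals(msg: dict) -> list[str]:
    """Signals that fire for msg (keys: from, subject, body, sent_at, bcc)."""
    fired = []
    name, addr = parseaddr(msg["from"])
    name, addr = name.strip().lower(), addr.lower()
    # Display name belongs to a known employee but the address is not theirs.
    if name in DIRECTORY and addr != DIRECTORY[name]:
        fired.append("display-name-mismatch")
    text = msg["subject"] + " " + msg["body"]
    if URGENT.search(text):
        fired.append("urgent-language")
    if CREDENTIALS.search(text):
        fired.append("credential-request")
    if FINANCE_OR_TEXT.search(text):
        fired.append("financial-or-text-request")
    # Account-compromise hints: sent outside 07:00-20:00 or to a large BCC list.
    hour = datetime.fromisoformat(msg["sent_at"]).hour
    if hour < 7 or hour >= 20:
        fired.append("outside-work-hours")
    if len(msg.get("bcc", [])) >= 10:
        fired.append("large-bcc")
    return fired


def is_suspicious(msg: dict) -> bool:
    """Impersonation alone is enough; otherwise require two weaker signals."""
    fired = message_signals(msg)
    return "display-name-mismatch" in fired or len(fired) >= 2


CEO_FRAUD = {  # constructed sample in the CEO-fraud style described above
    "from": '"Pat Lee" <pat.lee.ceo@webmail-example.test>',
    "subject": "Urgent request",
    "body": "Buy four $500 gift cards today and text me the codes.",
    "sent_at": "2022-03-03T05:42:00", "bcc": [],
}
```

Running `is_suspicious(CEO_FRAUD)` returns True with four signals fired; a routine internal mail from the real address during working hours fires none.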

Our inbound email protection can shield your organization from phishing in a way that traditional security platforms simply cannot.

To learn more about how Abnormal stops phishing attacks via email, request a demo of the platform today.

