Phishing is one of the most common and devastating types of attacks in today’s cybersecurity landscape. The FBI’s IC3 Internet Crime Report found over 240,000 phishing attacks costing victims more than $54 million in 2020 alone. These numbers are poised to grow as forms of phishing attacks diversify to avoid detection.
There are various types of cyberattacks that qualify as phishing. Here we’ll cover some of the most common types of phishing attacks and how to stop them.
How Phishing Works
Phishing refers to a wide range of socially engineered cyberattacks. While delivery methods vary by the type of phishing attack, the basic tenets remain the same: cybercriminals try to trick victims into paying money, revealing sensitive information, or installing malware. They pose as legitimate businesses (like a bank), government agencies (like the IRS), or even people the victim personally knows (like a manager at work).
Artificial urgency is a key component of phishing that helps make it such an effective attack. Phishing attempts often come with time-sensitive prompts like the following:
Manager needs an immediate wire transfer for an important invoice.
Trusted coworker sends you an urgent email which asks for login credentials.
Bank account closure due to insufficient balance.
Power and water shutoff because of a late utilities bill.
Friend or family member arrested or injured.
The urgency causes victims to act quickly, without noticing suspicious giveaways like dodgy URLs, misspellings, or fake email addresses.
These core characteristics are common across different examples of phishing attacks. But each type of phishing attack has unique attributes.
1. Email Phishing
Email phishing is the most common type of phishing. It’s a wide-ranging term for any email designed to trick you into turning over sensitive data, such as login credentials for a variety of sites. These emails usually impersonate legitimate senders like banks or well-known companies and ask for passwords, financial credentials, and personal information. In recent examples, Abnormal Security detected a phishing attempt impersonating BB&T Bank and a university support team.
This attack led victims to a fake Microsoft account login page, where they would input their existing credentials, compromising their account. Phishing attacks are particularly devastating when they successfully compromise and take over an email account. It’s why so many email phishing attacks impersonate Microsoft or Google login pages.
2. Spear Phishing
Spear phishing is a highly targeted form of email phishing. Standard email phishing generally relies on non-personalized mass emails to numerous victims, while spear phishing focuses on personalized emails to a small number of targets. It requires considerably more research and preparation. For example, a spear phishing email may impersonate your employer or a person you know and trust like the CEO.
Abnormal Security detected a spear phishing attempt where attackers compromised an attorney’s email account, then used the account to target a high-profile client. They emailed the target an innocuous link to an RFP, which redirected to a malicious web page. The victims were more likely to click the link because they had previously worked with the sender, before the sender’s account was compromised.
It’s important to note that spear phishing attacks can and do happen without using a compromised account as a pathway. However, a compromised account does make spear phishing attacks easier.
3. Vishing
Vishing is a term for voice phishing, and you’ve probably been on the receiving end of an attempt. It’s a type of phishing attack conducted via phone calls or voice messages, and the main goal is typically to steal a victim’s credit card number. It’s grown in popularity thanks in part to new tools like caller ID spoofing and VoIP. Vishing attacks come in many shapes and sizes, including:
IT support asking for your login credentials to an important platform.
The IRS threatening to arrest you for unpaid taxes.
An auto warranty company warning you that your warranty is about to expire.
A travel agency or hotel awarding you a free trip.
A debt relief or credit repair agency offering to help fix your financial situation.
4. Smishing
Smishing is a term for SMS phishing. It’s a type of phishing attack carried out entirely over text messages. Most smishing messages come with a harmful link that impersonates a legitimate website to steal your login credentials, or a prompt to download a malicious app.
5. Pharming
A pharming attack involves redirecting web traffic from a legitimate site to a malicious spoofed site. The fake site will often ask for login credentials, allowing cybercriminals to compromise an account. Users are usually directed to these fake sites by malware or DNS spoofing.
6. Whaling or CEO Fraud
Whaling and CEO fraud are spear phishing attacks that impersonate high-ranking executives. A cybercriminal will impersonate a CEO and then email employees, often asking them to pay a fake invoice, buy gift cards, or send sensitive data. These attacks usually come with a sense of urgency (a common theme in phishing attacks) and employees may overlook the suspicious nature due to the importance of the impersonated sender.
7. Angler Phishing
Angler phishing attacks target social media users who post public complaints about a product, service, or company, most often a financial institution. Attackers will create a fake account posing as the company’s customer service and contact the complainer to offer assistance. They’ll ask for login information or send a link to a malicious website.
8. URL Phishing
URL phishing attacks use fake websites with URLs that look legitimate at first glance, but are designed to steal login credentials or install malware on your device. Phishing URLs are disguised with slight alterations such as:
.net instead of .com
Tricky misspellings like “Arnazon” instead of “Amazon” or “0” instead of “o”
An anchor text URL or button that doesn’t match the actual URL
Abnormal Security caught this URL phishing attempt where attackers tried to steal Facebook credentials. The URL contains “facebook-support,” but the domain of this site is “appealing6608[.]xyz.”
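The lookalike tricks listed above can be checked mechanically. The following is an added example (not code from Abnormal Security or from the original post) that flags a swapped TLD, homoglyph substitutions, a brand name buried in a hostname whose registrable domain belongs to someone else, and anchor text that names a different host than the link target; the brand list and the homoglyph table are constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed sample of brands users log in to, with their genuine domain.
KNOWN_BRANDS = {"amazon": "amazon.com", "facebook": "facebook.com",
                "microsoft": "microsoft.com"}
# Visually confusable substitutions seen in lookalike hostnames. Order matters:
# the two-character pairs are collapsed before the single digits.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")]

def hostname(url):
    """Lower-cased host of a URL with any trailing dot removed ('' if none)."""
    return (urlparse(url).hostname or "").rstrip(".")

def registrable_domain(host):
    """Last two labels. Naive: multi-label suffixes such as co.uk need a
    public-suffix list in production."""
    return ".".join(host.split(".")[-2:])

def normalise(label):
    """Undo homoglyph tricks so 'arnaz0n' compares equal to 'amazon'."""
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label

def classify_url(url):
    """List the lookalike findings for a URL; an empty list means none."""
    host = hostname(url)
    domain = registrable_domain(host)
    if domain in KNOWN_BRANDS.values():
        return []                       # the registrable domain is genuine
    sld = domain.split(".")[0]          # label left of the TLD
    findings = []
    for brand, real in KNOWN_BRANDS.items():
        if sld == brand:
            findings.append(f"tld-swap: {domain} is not {real}")
        elif normalise(sld) == brand:
            findings.append(f"homoglyph: {domain} imitates {real}")
        elif brand in host:
            findings.append(f"brand-in-hostname: '{brand}' appears in {host} "
                            f"but the registrable domain is {domain}")
    return findings

def anchor_mismatch(anchor_text, href):
    """True when the visible anchor text names a host other than the link target."""
    text = anchor_text.strip()
    if " " in text or "." not in text:
        return False                    # 'Click here' makes no host claim
    shown = hostname(text if "://" in text else "https://" + text)
    return registrable_domain(shown) != registrable_domain(hostname(href))
```

Run on the page's own example, `classify_url("https://facebook-support.appealing6608.xyz/appeal")` reports the brand name inside a hostname whose registrable domain is appealing6608.xyz.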
How to Stop Phishing Attacks
Since phishing relies on social engineering, it’s not easy to stop. Traditional cybersecurity measures often miss these more sophisticated and targeted types of phishing attacks, particularly when they are text-only and do not contain malicious links. Some ways to stop them from impacting your organization include:
Train your employees. Your security measures are only as strong as your end users. Make sure anyone with access to sensitive files and networks has adequate training on cybersecurity best practices.
Mandate strict password standards. Many types of phishing attacks use compromised accounts, so a single password leak can put you at risk. Make sure your organization’s password policies are up to date.
Implement API-based email security. Since email is the most common attack vector for phishing, implementing an email security product that detects and stops socially engineered attacks is a must. The right platform will use a combination of identity, behavior, relationship, and content signals to detect and block abnormal messages.
Abnormal Security vs. Phishing
We recognize that phishing is one of the costliest and most dangerous cyberattacks impacting businesses today. That’s why we designed our cloud email security platform to identify and block the phishing attacks that secure email gateways and native email security platforms miss.
Abnormal Security uses a behavioral AI model of every employee and vendor in your organization to identify suspicious signals in emails. These signals include:
Emails with display names that don’t match sender names
Requests for financial information and text message responses
Links with redirects
Once a phishing attack is identified, we block all similar emails to protect your other end users.
When we detect that an account has been compromised, we automatically lock it to prevent unauthorized access. We detect account compromise and employee impersonation by looking at several signals, including:
Emails sent outside of normal work hours or from unusual login locations
Unusual IP addresses
Large BCC lists with new contacts
Changes to mail filter rules
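The compromise signals listed above can be illustrated with a simple weighted rule set scored against a per-mailbox baseline. This is an added example and not Abnormal Security's model: the baseline, the events, the weights, and the lock threshold are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Baseline:
    """Per-mailbox 'normal' (constructed for the example, not learned here)."""
    work_hours: tuple = (8, 18)
    usual_countries: set = field(default_factory=set)
    usual_ips: set = field(default_factory=set)
    known_contacts: set = field(default_factory=set)

@dataclass
class Event:
    """One mailbox event: kind is 'login', 'send' or 'rule_change'."""
    kind: str
    when: datetime
    ip: str = ""
    country: str = ""
    bcc: list = field(default_factory=list)
    rule: str = ""   # e.g. "forward-to-external" or "auto-delete"

# Illustrative weights (assumptions): filter rules that hide or exfiltrate
# mail and logins from a new country weigh most.
WEIGHTS = {"off_hours": 1, "new_country": 3, "new_ip": 1,
           "bulk_bcc_new_contacts": 3, "risky_rule": 4}
ALERT_THRESHOLD = 5

def signals_for(event, base):
    """Return {signal_name: weight} for each signal the event triggers."""
    hits = {}
    lo, hi = base.work_hours
    if not lo <= event.when.hour < hi:
        hits["off_hours"] = WEIGHTS["off_hours"]
    if event.kind == "login":
        if event.country and event.country not in base.usual_countries:
            hits["new_country"] = WEIGHTS["new_country"]
        if event.ip and event.ip not in base.usual_ips:
            hits["new_ip"] = WEIGHTS["new_ip"]
    elif event.kind == "send" and len(event.bcc) >= 20:
        new = [r for r in event.bcc if r not in base.known_contacts]
        if len(new) > len(event.bcc) / 2:   # mostly never-seen recipients
            hits["bulk_bcc_new_contacts"] = WEIGHTS["bulk_bcc_new_contacts"]
    elif event.kind == "rule_change" and event.rule in ("forward-to-external", "auto-delete"):
        hits["risky_rule"] = WEIGHTS["risky_rule"]
    return hits

def should_lock(events, base):
    """True when summed signal weight over the events reaches the threshold."""
    total = sum(sum(signals_for(e, base).values()) for e in events)
    return total >= ALERT_THRESHOLD
```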
Our inbound email protection can shield your organization from phishing in a way that traditional security platforms simply cannot.
To learn more about how Abnormal stops phishing attacks via email, request a demo of the platform today.