1. Email phishing
Also called “deception phishing,” email phishing is one of the most well-known attack types. Malicious actors send emails to users impersonating a known brand, leverage social engineering tactics to create a heightened sense of immediacy and then lead people to click on a link or download an asset.
The links traditionally go to malicious websites that either steal credentials or install malicious code, known as malware, on a user’s device. The downloads, usually PDFs, have malicious content stored in them that installs the malware once the user opens the document.
2. HTTPS phishing
The hypertext transfer protocol secure (HTTPS) is often considered a “safe” link to click because it uses encryption to increase security. Most legitimate organizations now use HTTPS instead of HTTP because it establishes legitimacy. However, cybercriminals are now leveraging HTTPS in the links that they put into phishing emails.
3. Spear phishing
Although spear phishing uses email, it takes a more targeted approach. Cybercriminals start by using open source intelligence (OSINT) to gather information from published or publicly available sources like social media or a company’s website. Then, they target specific individuals within the organization using real names, job functions, or work telephone numbers to make the recipient think the email is from someone else inside the organization. Ultimately, because the recipient believes this is an internal request, the person takes the action mentioned in the email.
5. Vishing
Voice phishing, or “vishing,” happens when a cybercriminal calls a phone number and creates a heightened sense of urgency that makes a person take an action against their best interests. These calls normally occur around stressful times. For example, many people receive fake phone calls from people purporting to be the Internal Revenue Service (IRS) during tax season, indicating that they want to do an audit and need a social security number. Because the call creates a sense of panic and urgency, the recipient can be tricked into giving away personal information.
6. Smishing
Malicious actors often apply similar tactics to different types of technologies. Smishing is sending texts that request a person take an action. These are the next evolution of vishing. Often, the text will include a link that, when clicked, installs malware on the user’s device.
FOR MORE TIPS & TRICKS:- SOCIAL MEDIA