Phishing attacks have been around for a long time. Phishing has always been an effective way to get hold of people’s money and confidential information. As the technological landscape has evolved, the types of phishing have multiplied and become more sophisticated, making it easier to deceive people. So it’s time to learn about the top phishing scams that can con us.
Cybercriminals have honed their phishing skills and are defrauding people with a range of different phishing scams. According to Verizon’s Data Breach Investigations Report (DBIR) of 2019, phishing was the top threat action in most of the breaches analyzed in the reporting period. The PhishLabs Phishing Trends and Intelligence Report of 2019 found that the volume of phishing attacks increased by 40.9 percent since 2018.
We all know what phishing is and how it works. Even so, many of us still fall victim to phishing scams on a daily basis. So what can we do? The best option is to learn about the methods adversaries use to con us. Below are the top phishing scams that phishers use to target users.
- Deception Phishing
Deception phishing is one of the most widely used phishing scams. The scammer impersonates a legitimate or reputable entity and tries to create a sense of urgency in the user’s mind by sending messages about the closure of an account, an update of payment information, winning a contest, etc. When the user clicks any of the phishing links in such a message, he/she is directed to a fake website that asks the user to fill in personal as well as financial information.
To avoid becoming a victim of such a scam, be wary of messages and emails that include urgent or threatening language, grammatical or spelling errors, unusual URLs, or requests for any personal or financial information.
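The warning signs listed above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it flags urgent language, requests for sensitive data, and unusual URLs (a link to a bare IP address, or visible link text that names a different domain than the link target). The phrase lists and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrase lists for illustration; tune them for your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|closed|final notice)\b", re.I)
DATA_REQUEST = re.compile(r"\b(password|card number|cvv|pin|social security|bank account)\b", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_email):
    """Return a sorted list of indicator names found in one message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    found = set()
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.add("urgent_language")
    if DATA_REQUEST.search(body):
        found.add("requests_sensitive_data")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if re.fullmatch(r"[\d.]+", host):  # link points at a bare IP address
            found.add("ip_literal_link")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and host and not (host == shown.group(0) or host.endswith("." + shown.group(0))):
            found.add("link_text_mismatch")  # text shows one domain, link goes elsewhere
    return sorted(found)

# Constructed sample message; example.com and 203.0.113.7 are documentation values.
SAMPLE = """Subject: Urgent: your account will be closed

<p>Confirm your password immediately: <a href="http://203.0.113.7/login">www.example.com/login</a></p>"""
print(phishing_indicators(SAMPLE))
```

A hit on these heuristics is a reason to look closer, not proof of phishing; a clean result does not mean a message is safe.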
- Social Media Phishing
The increasing use of social media platforms has led to a steep increase in social media phishing scams. With the introduction of 5G, faster internet is available, and this means more use of social media platforms. According to the RiskIQ report, the number of phishing scams on social media platforms has increased by 100%.
Social media is a convenient hunting ground for scammers, as they can find tons of information about users there. This information is used to lure victims into a trap by crafting trustworthy-looking, unsuspicious messages and sending them to the victims. Users usually aren’t very suspicious of social media messages and readily click on the links inside them, which leaves them in a vulnerable position.
As a protective measure, it is wise to tighten your social media account’s privacy settings, not click on any suspicious link, not accept requests from unfamiliar people, and think before sharing any personal information on your account.
- File Sharing Scams
The use of file-sharing services like Dropbox, Google Docs, etc. is widespread these days, and phishers now use these services to initiate phishing attacks too. The scammers share a document with you on Google Docs, and when you click on that document, you are directed to a fake Google login page. Because the scam takes place on a reputable server like Google’s, it appears to be legitimate.
To stay safe, users need to be more vigilant about clicking on suspicious links and downloading attachments from unfamiliar sources.
- Pharming
As people become more aware of traditional baiting and impersonation phishing scams, like spear-phishing or deceptive phishing, adversaries are now resorting to pharming.
In pharming, pharmers attempt DNS (Domain Name System) cache poisoning attacks. By targeting the DNS server, the adversaries change the IP address associated with a website. So, even when users type in the correct website name, they are directed to a malicious website.
To protect your organization from such an attack, train employees to enter credentials only on websites that are HTTPS protected. Implementing good anti-virus and anti-phishing software can also help.
- Phishing Based On Malware
In a malware-based phishing scam, the scammers send emails that carry attachments or some other type of downloadable file. When the user clicks on that file, the malicious software gets into the computer system and infects it. So, it is better to think before you click on or download any unknown file.
Although a variety of phishing scams are out there, you can protect yourself if you know the right safety measures.