Get a Tech Evaluation
Search for topics or resources
Enter your search below and hit enter or click the search icon.
Close Search
Services
Services
Managed IT & Network Security
Managed Print & Documents
Managed Communications
Video Conferencing
Security & Surveillance
All Services
Learning Center
Company
Company
About Us
Odyssey Process
Careers
Locations
Client Testimonials
Contact
Client Support
Get a Tech Evaluation

«  View All Posts

Phishing 101
Sarah Goltz, Content Manager

By: Sarah Goltz, Content Manager on June 18th, 2021

Print/Save as PDF

Phishing 101

Cyber Security

While the number of people falling for sending personal information to the crown prince of Nigeria in hopes of receiving his promised wealth and riches seems to be dropping, phishing remains a major issue. In fact, the number of phishing campaigns pursued by hackers around the world had a 667% increase within the last year that were using the coronavirus as a lure. What exactly is phishing? Hackers mimic the emails, forms, and websites of legitimate companies in an effort to lure people into providing their private, personal information, like credit cards numbers, social security information, account logins, and personal identifiers. The victim typically doesn’t realize they’ve been compromised until long after the event, and oftentimes only after their identity or finances are affected. In the past, an attack was carried out relatively quickly. As soon as the victim gave up their information, the hacker moved in and stole money from the compromised bank account. Today, it’s often more lucrative for hackers to sell that information on the Dark Web, resulting in longer-lasting, even more devastating attacks.

3 Types of Phishing Attacks

Spear phishing

Phishing attempts directed at specific individuals or companies have been termed spear phishing. This type of attack is very commonly done through email. Attackers may gather personal information about their target to increase their probability of success. The hacking of the Democratic National Committee was one of the most famous data breaches in more recent history. The malicious email attack was sent out to over 1,000 email addresses and it led to members of the committee getting tricked into sharing their passwords.

Clone phishing

Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version to the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.

Whaling

Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate.