Phishing is the technique in which a cybercriminal sends an email to a user while pretending to be a legitimate entity such as a social network, bank or public institution, with the aim of stealing private information. Phishing emails generally contain a link to a fake page that impersonates a company or service; any data we enter there goes directly to the scammer. So what types of phishing can we find?

What types of phishing can we face

▸Spear phishing

The main difference of this class is that it is aimed at individuals or small groups. As a result, the campaigns are much more personalized and have a higher percentage of victims. Cases that affect banks or social networks are rare, because these campaigns do not seek mass reach but quite the opposite; in practice, this method is used in attacks such as APTs, targeting employees of companies with specific profiles.

This means that victims could receive emails that impersonate someone by first and last name, and that even spoof known addresses, to generate greater empathy and trust in an unsuspecting user.

▸Traditional phishing

This type of attack is the simplest to analyze technically; it usually involves a copy of a site known to the victim in which the address that receives the entered data has been changed.

The cybercriminal steals the credentials entered by the victim, which may be stored in plain text in a text file or sent to a mailbox. The main characteristic of traditional phishing is that it is tied to a single website, on which all the contents of the fake portal are hosted.

▸Redirected Phishing

This technique is used in massive campaigns. Although these attacks have a very low percentage of victims, the scale of the campaigns means there is a large number of affected users and compromised credentials.

This procedure has a higher level of complexity and uses at least two sites or domains to perpetrate the scam. We can highlight three techniques that experts commonly detect: the use of URL shorteners, the injection of the well-known iframes, and the exploitation of techniques linked to frames in the HTML code.
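As an added example (not part of the original article), a defender triaging a suspicious page can flag the indicators named above: links that go through a URL shortener and iframes or frames loaded from a different domain than the page itself. The shortener list, the function names and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Sample shortener hosts (assumption: replace with your own maintained list).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "goo.gl"}


class RedirectIndicatorParser(HTMLParser):
    """Collects shortener links and cross-domain (i)frames from one page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname or ""
        self.findings = []

    def handle_starttag(self, tag, attrs):
        raw = dict(attrs).get("href" if tag == "a" else "src")
        if tag not in ("a", "iframe", "frame") or not raw:
            return
        try:
            # Resolve relative and scheme-relative references against the page.
            url = urljoin(self.page_url, raw.strip())
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            return
        if tag == "a" and host in SHORTENERS:
            self.findings.append(("shortened-link", url))
        elif tag != "a" and host and host != self.page_host:
            self.findings.append(("cross-domain-" + tag, url))


def find_redirect_indicators(page_url, html):
    parser = RedirectIndicatorParser(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings  # (kind, absolute_url) tuples in document order


# Constructed sample page; hosts and paths are placeholders.
SAMPLE_HTML = """
<a href="https://bit.ly/EXAMPLE">Claim your prize</a>
<a href="/help">Help</a>
<iframe src="https://login.example.net/form" width="0" height="0"></iframe>
<frameset><frame src="menu.html"><frame src="//cdn.example.org/x.html"></frameset>
"""

if __name__ == "__main__":
    for kind, url in find_redirect_indicators("https://shop.example.com/promo", SAMPLE_HTML):
        print(kind, url)
```

A hit is only a reason to look closer: legitimate pages also embed third-party frames and use shorteners, so the findings are triage signals rather than verdicts.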

▸Smishing

This type of phishing uses another digital channel: cell phones. Criminals usually impersonate known entities and send a text message alerting the victim that they have won a prize. As usual, the objective of this operation is to obtain an economic profit, which is often linked to scams in different ways.

