As we approach the holiday break, ITS encourages the Carleton University community to be on the lookout for phishing scams.
What are the Various Kinds of Phishing?
Phishing can take many forms including some of the following:
Email phishing: The most commonly used and known kind of phishing is email phishing. The culprits that send these malevolent emails usually claim to be members of respected organizations. Said emails frequently contain urgent warnings of an account being compromised and state that to recover the lost account, the receiver must click on a suspicious looking link to enter their credentials. Email phishing attempts are easier to recognize due to a number of unusual clues that you can learn about by reading our post on What to Do If You Get Phished.
Quishing: Quishing is a new form of phishing that has become more prominent since the start of the pandemic. Scammers have taken advantage of “quick response” (QR) codes becoming a more prevalent method of processing data to commit their crimes. Quishing involves cybercriminals sending fake or altered QR codes instead of links. When scanned, victims are sent to malicious websites where their sensitive information may be stolen.
Spear phishing: Most phishing attempts are imprecise attacks sent out to a widespread audience with the goal of catching as many victims as possible. But spear phishing attacks, a kind of attack pinpointed to a select target, are more precise. In order to catch their prey, these attacks are personalized to the individual, with messages containing distinct information about their target’s interests, family members, friends, experiences, and online activity. Spear phishing is less commonly encountered, as extensive research about targets must be done to execute the attack.
Whaling: Whaling is an even more specific kind of spear phishing attack that narrows its focus towards someone of high influence, such as the CEO of a company. Because of their high standing, these targets often have greater access to libraries of rich, confidential information. In order to accomplish such a feat, cybercriminals often pose as senior members of the organization, making it increasingly difficult for subordinates to deny a request from someone they believe to be of great importance.
SMiShing: Cybercriminals perform SMiShing attacks using Short Message Service (SMS) to create fake profiles disguised as family members needing financial aid, or service providers claiming something is wrong with their accounts. The goal of these scammers is to gain the trust of their target so they can reveal their sensitive information, which can be leveraged for money.
Vishing: Similar to SMiShing, vishing—short for voice phishing—is an over-the-phone scam involving the impersonation of a trustworthy person or service provider (colleague, technical support person, etc.) to fool their victims into revealing sensitive information.
New Trends in Phishing
Social Engineering:
Social engineers are not computer masters who can hijack into systems to steal information. Instead, they are professional manipulators who use their victims’ innate desire to help people into deceiving them into giving up their own secretive information. While normal email phishing campaigns can be more easily prevented using AI security measures, no technology can defend against social engineering.
To these kinds of criminals, sensitive information is gold. Personal and financial information such as confidential business files, user IDs and passwords, as well as bank account and credit card info can grant them access to an organization’s network and enable them to commit fraud.
To defend against these attacks, remember that vigilance is key. Be careful about who you trust online and use your best judgement before passing along any of your information.
WhatsApp:
WhatsApp is a popular messaging app that offers a fast and easy way for families and friends to chat online. Unfortunately, it is also becoming an increasingly more common place for cybercriminals to use for nefarious purposes. Now that people are generally more aware of email phishing scams, cybercriminals are adapting their tactics towards instant communication methods like text messaging and WhatsApp. According to the British Lloyds Banking Group, there has been a 2,000 per cent increase in WhatsApp scams in the past year.
Some of the methods cybercriminals are using on WhatsApp to deceive victims include:
- Impersonating loved ones in need of money
- Sending malicious links that could lead to malware infections
- Compromising an account and then prompting the victim with a verification code to complete the login