What is Phishing?
Phishing is a type of fraud where scammers send emails pretending to be from reputable organizations like Apple, PayPal, and the IRS. The goal is to get you to share your personal, identifying information, payment information, or account information like passwords. Some phishing attempts will ask you for this info directly, while others may lead you to a convincing sign-in page that’s just a capture form for your sign-in credentials.
Google identified more than 2 million phishing websites in the first six weeks of 2022 alone.
Types of Phishing
There are seven categories of phishing: spear phishing, whaling, smishing, vishing, email phishing, sextortion, and search engine phishing. Spear phishing targets a specific group, individual, or role within companies. It’s called spear phishing because when you fish with a spear, you choose a specific target instead of pulling in whatever bites on a line.
Whaling targets CEOs, CFOs, and other C-suite leaders of large businesses within specific industries. Fraudsters will try to get the company’s tax ID and bank account numbers by claiming the company is being sued, or with some similar pretext.
Smishing is SMS phishing, that is, phishing through text messages. The message usually provides a link or a phone number that will lead you to the scam. The attack might ask you to verify your banking details, social security number, and other personal information to steal funds or your identity.
Vishing is voice phishing: phishing that comes through a voice call. The most well-known example of vishing is the caller who claims to be from Microsoft and says there is a virus on your computer. They prompt you to upgrade your virus protection to solve the issue, but what really happens is you install malware on your computer, and criminals now have your credit card details. The malware is controlled by a command-and-control (C&C) server and will do whatever the hacker wants, including stealing your banking login info or participating in a DDoS attack.
Email phishing is the most common type of phishing. Hackers have been sending these emails to any address they can get since the 90s. The emails usually say your account has been locked or compromised, and you have to follow the link and enter your details to fix it. You should always check the source address and, if you’re suspicious, go directly to your account from your browser without using the link in the email.
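As an added example (not part of the original article), the "check the source address" advice can be automated for a raw message. The brand-to-domain map, the finding labels and both sample messages are assumptions constructed for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: a short, incomplete map of brand -> sending domains.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "apple": {"apple.com"}, "irs": {"irs.gov"}}

def domain_of(addr):
    """Lower-cased part of an address after the last '@'."""
    return addr.rpartition("@")[2].lower()

def under(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw):
    """Return a list of findings about the sender headers of a raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []
    # 1. Display name uses a brand, but the address is not on that brand's domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", name, re.I) and not under(from_dom, allowed):
            findings.append(f"brand-mismatch:{brand}:{from_dom}")
    # 2. Replies would go to a different domain than the one shown as sender.
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{reply_dom}")
    # 3. Message claims to come from the recipient's own address.
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    if addr and addr.lower() == to_addr:
        findings.append("from-equals-recipient")
    return findings

# Constructed sample messages (not real mail).
LOOKALIKE = "\n".join([
    'From: "PayPal Support" <service@paypa1-secure.example>',
    "Reply-To: billing@collector.example",
    "To: alice@example.org",
    "Subject: Your account has been locked",
    "", "Follow the link and enter your details.",
])
SELF_SPOOF = "From: alice@example.org\nTo: alice@example.org\nSubject: I have your video\n\nPay."

if __name__ == "__main__":
    for sample in (LOOKALIKE, SELF_SPOOF):
        print(check_sender(sample))
```

An empty result does not prove a message is genuine, because the From header itself can be forged; the receiving mail server's SPF, DKIM and DMARC verdicts are the stronger signal for that case.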
Sextortion is a type of blackmail where the scammer will send an email that looks like it came from your address. They’ll claim to have control of your email account, as well as a video from your webcam that was taken while you were watching an adult video. They’ll threaten to share the video with your family and colleagues unless you pay them, usually in bitcoin.
Search engine phishing is also known as SEO poisoning and SEO trojans. It requires that the hackers become the top hit for a search phrase on Google or other search engines. When users click their link, they’re taken to the hackers’ website, where their personal information can be stolen. These hacker sites often pose as banking and social media sites.
What can advertisers do about it?
According to leading security company Tessian, 75% of organizations worldwide were attacked by phishing in 2020, with 96% of the attacks coming through email. The average cost of a compromised record is $150,000. The average cost of a data breach is $3.92 million, not including the catastrophic reputation damage that will follow.
What makes businesses most vulnerable to phishing is that it relies on human error. Anyone could make the mistake of clicking the wrong link. You can secure protection for your business by consulting a fraud prevention service like FraudBlocker.com. FraudBlocker uses sophisticated, proprietary software that can outmatch the tech being used to attack your business.