What is Phishing?

There are seven categories of phishing known as spear phishing, whaling, smishing, vishing, email phishing, sextortion, and search engine phishing. Spear phishing targets a specific group, individual, or role within companies. It’s called spear phishing because when you fish with a spear, you choose a specific target instead of pulling in whatever bites on a line.

Whaling targets CEOs, CFOs, and other c-suite leaders of large businesses within specific industries. Fraudsters will try to get the company’s tax ID and bank account numbers by claiming the company is being sued or some other such scam.

Smishing is SMS phishing or phishing through text. The message usually provides a link or a phone number that will lead you to the scam. The attack might ask you to verify your banking details, social security number, and other personal information to steal funds or your identity.

Vishing is voice phishing, phishing that comes through a voice call. The most well-known example of vishing is the Microsoft caller claiming a virus on your computer. They prompt you to upgrade your virus protection to solve the issue, but what really happens is you install malware on your computer, and criminals now have your credit card details. The malware is controlled by CnC and will do whatever the hacker wants, including stealing your banking login info or participating in a DDoS attack.

Email phishing is the most common type of phishing. Hackers have been sending these emails to any address they can get since the 90s. The emails usually say your account has been locked or compromised, and you have to follow the link and enter your details to fix it. You should always check the source address and, if you’re suspicious, go directly to your account from your browser without using the link in the email.

Sextortion is a type of blackmail where the scammer will send an email that looks like it came from your address. They’ll claim to have control of your email account, as well as a video from your webcam that was taken while you were watching adult video. They’ll threaten to share the video with your family and colleagues unless you pay them, usually in bitcoin.

Search engine phishing is also known as SEO poisoning and SEO trojans. It requires that the hackers become the top hit for a search phrase on Google or other search engines. When users click their link, they’re taken to the hackers’ website, where their personal information can be stolen. These hacker sites often pose as banking and social media sites.