Honest Pros and Cons

How Does Phishing Work?

By

Last Updated on March 30, 2021 by Filip Poutintsev

It’s important to know how phishing works so you come up with ways of preventing financial scams. So here is how it works:

The targeted victim receives an email with either a URL link or an attachment pretending to be from a trusted sender such as a service provider, a business, or a bank.

In the case of URL attacks, the email message asks the recipient to log into a financial or service account. Once the recipient clicks this link, they get redirected to a fake webpage that looks similar to the site the attacker is imitating. If they then enter their information there, the attacker gains access to this and can use it.

Another template scammers use is where they include attachments. These deliver malicious macros or software that run when the user opens the document. This open attachment installs malware on the user’s machine. This allows the scammer to steal information and take control of the system.

PHISHING Button on Computer Keyboard

Types of Phishing

It Is crucial for email marketers and affiliate marketers to understand the types of phishing, this way, marketers would know how fraudsters scam people so they can distinguish themselves from them. Here are some types of phishing:

  • Email Phishing

An attacker registers a fake domain that mimics a genuine organization. They then include a link to this site in the email. The recipient unwittingly opens the link and enters their details. The attacker then acquires the details and uses it for illegal purposes.

  • Spear Phishing

This is a more sophisticated type of phishing. It describes malicious emails sent to a specific person. In this type of phishing, the criminals already have some information about the victim such as their name, place of employment, job title, email address, and much more.

The attacker often pretends to be a friend and invests a lot of time in gathering information about the victim. They customize emails using the gathered information and trick the victim into believing that the email is from a trustworthy source.

Also, these fraudsters attach fake URLs and email links asking for private information.

  • Whaling

These attacks are even more targeted and are aimed at senior executives. The technique used is a lot more subtle though. The criminals attempt to imitate senior staff.

A common variety of whaling involves bogus tax returns. Tax forms contain a lot of information such as names, addresses, social security numbers, and bank account information. It’s no wonder they are valued by attackers!

  • Smishing and Vishing

In both of these cases, telephones replace emails. In smishing, the attacker sends text messages while vishing involves a telephone conversation with the victim.

An example of a vishing scam is an attacker posing as an investigator and telling the victim that their account has been breached. The criminal then asks for the victim’s card details.

  • Clone Phishing

In this instance, the attacker clones an email and creates another identical and near-perfect email to trap the victim. Clone phishing is very dangerous for this reason.

Phishing Email Examples

  • Account temporarily suspended

A user might receive a notice from their bank that their account has been suspended due to unusual activity. The email will then ask the user to click on a link to reactivate the account. Doing this takes them to a fake page and asks for personal information.

  • CEO Phishing

These offer big paydays for fraudsters. Scammers send these emails to employees of specific companies. The scammer poses as a highly placed executive in the company. The email will then ask the employee to wire money to a vendor or client without them realizing it’s a scam.

  • Tax refund scams

Scammers can send emails purporting to be from the IRS and promise a tax refund which can be claimed online. Once the victim clicks on the link in the email, they run into a spoof site. They are then tricked into giving personal and financial information, or your device is infected with malware.

  • Job opportunities

These are emails sent by scammers offering email users job opportunities and telling them to click on a link to apply for that job. Once the victim does this they get directed to a site where they are required to fill in their information.

  • Netflix Phishing scams

Netflix’s “account-on-hold” scams are really popular. Criminals send an email as Netflix, notifying victims of trouble in the current billing information. The victim is then asked to click and enter a link to update their payment method.

Will You Get a Virus From Opening an Email?

Emails are a common means of spreading malware. Many fear opening digital communication like emails from unknown sources.

Thankfully, it’s a thing of the past to get a virus from just opening an email. What you should do is try to resist the temptation to click on unknown links. The other threat is to get a malicious attachment: this you should definitely not download.

As long as you are using trusted email providers like Hotmail, Gmail, Yahoo Mail, or other web-based email providers, you should be safe, unless you actually click a link or open an attachment.

Author

David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.

Related Posts