History of Phishing attack

Before diving into the types of phishing attacks, let’s look at the history of the attack. According to the internet records, the mid-1990s gave birth to the first use of the word. Phishing was used in reporting the hacking attack against America Online (AOL) by the warez community which constituted a group of hackers and pirates. The word phishing was used in a report by the USENET group when trying to capture all AOL has experienced at the hands of the Warez Community.  By 2003, the use of email was introduced to scheming victims off their personal information. Attackers registered domain names of popular companies such as eBay and PayPal to get the attention of their victims, thereby asking the customers to enter their passwords and update their credit card information.

What is a phishing attack?

Phishing attacks are a type of social engineering attack where cybercriminals attempt to steal sensitive information, such as login credentials, credit card numbers, or personal data, by posing as a trustworthy entity through fraudulent communication channels. Phishing attacks can take several forms, and cybercriminals continually come up with new techniques to deceive users.

Types of phishing attacks

Email Phishing

This is the most prevalent form of phishing attack. Attackers send fraudulent emails that appear to be from legitimate organizations, such as banks or online services, or pose as high-level executives, employees, or business partners and attempt to trick recipients into revealing sensitive information or clicking on malicious links. Also, perform certain actions such as wire transfers.

Spear phishing

This type of phishing attack targets specific individuals or organizations, the cybercriminal gathers information about their targets to make the message appear more personal and legitimate, increasing the likelihood of the victim falling for the scam.

Whaling

 Like spear phishing, but the targets are high-ranking individuals such high-ranking executives or politicians. Cybercriminals aim to deceive these individuals into divulging sensitive information or performing certain actions.

Smishing

Smishing refers to phishing attacks conducted through SMS (text messages) or instant messaging platforms instead of emails. Attackers send deceptive messages to trick users into clicking on malicious links or divulging personal and sensitive information.

Vishing

Vishing (voice phishing) involves attackers impersonating legitimate organizations and contacting victims over the phone or often in the form of automated phone calls. The attackers use social engineering techniques to manipulate victims into revealing sensitive information or performing certain actions.

Social Media Phishing

 Attackers may create fake social media profiles or pages that appear legitimate. They use these platforms to distribute phishing links, gather personal information, or trick users into revealing sensitive data.

Pharming

In pharming attacks, attackers manipulate the domain name system (DNS) to redirect users to fake websites that closely resemble legitimate ones. The website can appear at the top of the search engine. Users are tricked into entering their login credentials or other sensitive information on these fraudulent sites.

Malware-Based Phishing

Phishing attacks can also involve the distribution of malware. Attackers may send emails or messages containing malicious attachments or links that, when clicked, infect the user’s device with malware designed to steal information or gain unauthorized access. The malware used can be keyloggers or spyware.

Man-in-the-Middle (MITM) Attacks

In MITM attacks, attackers intercept communications between two parties and impersonate both ends, making them believe they are communicating directly with each other. This allows attackers to capture sensitive information exchanged between the parties.

The continuous history of phishing attacks cannot be stopped. Nevertheless, it is essential to stay on alert and informed about the latest phishing tactics and adopt good security practices to protect yourself from phishing attacks and online fraud, such as verifying email senders, avoiding clicking on suspicious links or attachments, and being cautious about sharing sensitive information online.