The document outlines six key types of phishing attacks, including basic phishing, spear phishing, whaling attacks, smishing, vishing, and social engineering. It emphasizes that while phishing initially focused on email scams, it has evolved to include targeted manipulation through various methods, including phone calls and mobile messages. The importance of employee education and advanced phishing detection technology in combating these sophisticated threats is highlighted.

1. Understanding 6 Key Terms Used to
Describe Phishing Schemes
When we think about phishing attacks and threats, it’s understandable that most people think first
about email scams. That’s where phishing really got its start back in the early 2000’s. But phishing has
evolved to include targeted behavioral manipulation through social engineering and file-less threats that
largely go undetected by standard endpoint security solutions. In fact, we recently wrote about five file-
less techniques in our phishing attacks that don’t involve email blog. A quick recap…
 While most browser extensions are innocuous, some aren’t,Malicious browser extensions.
and they can provide a hacker unlimited access to data within your browser such as login
credentials.
 Acting as a legitimate entity – such as Dropbox, Yahoo, or Microsoft –Credential stealing.
hackers can steal login credentials that can give them access to other applications and sites.
 Hackers can use scare tactics to gain access to your browser toTechnical support scams.
install malware for remote access and data theft.
 Tricking people into downloading what looks to be legitimate software onlyRogue software.
to inadvertently load malware.
 . Tricking people into entering into a prize that is only designed to stealGift and prize scams
credentials and personal data.
While these phishing threats reside outside of email, there are certainly email-based and other non-
email-based phishing schemes that people need to be aware of. Let’s examine six of them.
1. This is the form of phishing that most are familiar with. The mass emails thatBasic phishing.
try and get someone to do something – from download an attachment, to click through to a
website, to complete a form. In all these cases, once a recipient does one of these things,
malware is installed that compromises the security of the computer system or network. These
types of threats are becoming more and more sophisticated as emails and websites are
designed to look more and more like established and trusted brands.

2. 2. Similar to phishing, spear phishing differs in that it usually targets a smallerSpear phishing.
group or a specific department in an organization and is more difficult to detect as it appears to
come from a sender closely aligned with the recipient. We recently posted a blog that showed
how some spear phishing threats today are targeting HR departments with the intent to abduct
sensitive employee data which can be used to further exploit individuals. Unlike basic phishing
threats which are more massive in size and easier to detect, spear phishing threats are more
sophisticated.
3. Whaling attacks are spear phishing threats that specifically target, you guessed it,Whaling.
high-profile individuals. This could be C-level executives within an organization, or celebrities
and politicians that have a lot to lose, that being reputation or money. These attack vectors can
be email scams like we see in basic or spear phishing, or website spoofs and other phishing
scams we’ve highlighted above.
4. A smishing threat is a form of phishing that utilizes your mobile device as an attackSmishing.
vector. Often the initiation is in the form of a text message disguised as a communication from a
bank or other potentially trusted brand than encourages a click-through to a phishing site where
credentials are targeted. As mobile devices become more prevalent for work communication,
smishing threats will likely increase, as will their sophistication.
5. A vishing threats tries to steal your personal information using the telephone. One ofVishing.
the most popular being an automated call claiming to be from the IRS threatening arrest and
asset seizure if you don’t respond with detailed information on your finances. These and other
calls are becoming more prevalent as well, as the phishing landscape widens.
6. Describes a scheme that targets a small number of potential victims usingSocial Engineering.
any combination of the phishing techniques described above in a complex fraud. It could even
involve an impersonator showing up in person with the goal of gaining physical access to a
system or building. The purpose of Social Engineering is to psychologically manipulate targets
into disclosing sensitive information or taking inappropriate actions. Many times, victims have
no idea they did something wrong until the fraud is exposed.
While employee education is paramount as part of a successful cybersecurity initiative – especially for
smishing and vishing attacks – definitive real-time phishing detection and protection is a must in today’s
phishing threat landscape. Whether advanced phishing threats come via email or from outside the
inbox, they can only be stopped with technology that is just as sophisticated as the threats themselves.
Our SEER™ technology is up to the task. Check it out today!
To know more, Visit: Slashnext.com