The murky waters of cyber security can be a confusing place to navigate. Terms like phishing, spear phishing and whaling get thrown around, but what exactly do they mean, and how can you avoid becoming a victim? Let’s reel in some knowledge and help you avoid these cyber criminals who are baiting you for your information.
The meaning of phishing attacks: a cast out for any bite
Phishing is the most common type of these attacks. A phishing scam is when cyber criminals try to get your personal information, passwords, banking or credit card details. They often do this by pretending to be a reputable business, or a company you might be likely to use.
Imagine a cyber criminal casting a wide net with generic lures. They’re not picky – they’ll send out emails, texts, or even voicemails pretending to be a company like your bank or delivery service hoping to snag some unsuspecting victim. These messages are often vague and designed to appeal to a broad audience.
Phishing attacks can arrive via email, text, voicemail, or even a download. But no matter how an attack arrives, the result can be significant, including loss of information or money, stolen identity or blocked access to accounts.
Spear phishing: targeting the school of you
Spear phishing is a more targeted approach to stealing information. Here, the cyber criminal has researched their prey and sends a more customised lure. They might use information gleaned from social media or company websites to craft a phishing email that appears to come from someone you know, like a colleague or manager. This personalised bait makes it more likely you’ll take the hook.
Such customisation is time-consuming for cyber criminals, so spear phishing is rarer than more generalised phishing. But much of the information they need to make their message believable is already available on public websites and social media, so it’s easier than you might think for them to make it convincing.
As the rewards for spear phishing are greater, so too are the impacts on you or your business if you fall victim to an attack.
Whaling: going after the big fish
Whaling is the crème de la crème of phishing attacks. Think of it as the cyber criminal going after the Moby Dick of financial information – senior executives. These scams, also known as business email compromise (BEC), require a significant investment of time and research.
The attacker will impersonate someone the executive trusts, like a board member or vendor, and craft a highly believable message that could result in a huge payday.
It may even follow earlier phishing email scams, unnoticed by the business, that were used to access a business’ HR database or the email accounts of less senior employees. Sometimes, emails are sent from an ‘external party’, usually someone who has been working with the company, but certain letters in the name and email address are wrong or missing.
Whaling has been successful in the past, partly because running a business rarely leaves staff with much time to verify the origin of an email or link, leaving many CEOs open to cyber attacks. But remember, the people who have access to the most valuable information (including bank accounts and logins) are usually the target of the most lucrative phishing scams.
How to report phishing email scams
No matter what kind of phishing attack you encounter, the key is to avoid taking the bait. Don’t click on any suspicious links, and always double-check the sender’s information. If something seems fishy, it probably is. Report it to your IT department or email provider, and report the scam via ScamWatch, which can help others avoid the same scam.
By staying vigilant and avoiding malicious links, you can steer clear of phishing email attacks, and avoid becoming a phish out of water.