Phishing is one of the oldest and best-known scams on the Internet. It is a type of telecommunications fraud that uses social engineering tricks to obtain private data from its victims. A phishing attack takes two forms: one carried out through an email or a phone call, and one in which someone impersonates a trusted person or organization with the aim of obtaining confidential personal information such as login session credentials or credit card numbers.
Here are the different types of scams, so that you are aware of them and do not let anyone fool you:
Normal phishing: This type of attack is the simplest from a technical point of view. It usually relies on a copy of a site known to the victim, in which the address that receives the entered data has been changed. The cybercriminal thus steals the credentials entered by the victim, which may be stored in plain text in a text file or sent to an email box. The main characteristic of traditional phishing is that it is linked to a single website on which all the contents of the fake portal are hosted.
Phishing redirector: As mentioned before, this technique is used in massive campaigns. Although only a very low percentage of recipients become victims, the number of affected users, and therefore of compromised credentials, is large.
Spear phishing: The main difference in this type is that it is aimed at individuals or small groups. As a result, the campaigns are much more personalized and have a higher percentage of victims.
Smishing (SMS): This type of phishing uses another digital channel, such as cell phones. Criminals usually impersonate known entities and send a text message alerting the victim that they have won a prize. Victims are commonly asked to respond with some type of code or special number to validate their false award.
As mentioned above, fake call centers are also set up to make calls with the aim of carrying out fraud; these are related to cases of vishing.
To conclude, this type of crime basically consists of sending the user an email that appears to come from a legitimate entity (in this case the bank) and asking them (either by email or by accessing a link sent in the email) to provide their access data, in this case username and password. Attackers also usually request the PIN, the coordinate card data or the credit card data.