Three Common Types of Phishing: How to identify and how to prevent.

With phishing becoming popular within the news, it’s important that you and your organisation understand the many different types and how to prevent them from occurring.

What is “Phishing?”

Phishing a fraudulent act, in which the purpose is to steal personal information from an individual, a group of individuals or an organisation/company.

With the increasing number of advanced technology, also comes an increasing number of data breaches and cyber-attacks. It’s important to understand how to identify phishing and how to prevent it from causing any damage.

This blog will look at three common types of Phishing:

Deceptive Phishing
Spear Phishing
CEO Fraud

Deceptive Phishing

Deceptive phishing is an email attack where the imposter imitates a genuine company or organisation in attempt to steal personal information.

The email created will have a sense of urgency, which makes the victim worried; and therefore they are pressured into giving away their details.

An example of deceptive phishing is a bank scamming email which includes a link that the victim is instructed to click. This link leads the victim to a fake bank login page, where they give their personal information straight to the attacker.

How to prevent Deceptive Phishing

When receiving emails with traits that match a deceptive attack, you must:

Look closely at the URL – do you recognise it or have you used it before? Does it look legit?
Check for spelling, punctuation and grammar mistakes – Genuine professional emails rarely have any errors.

Spear Phishing

In Spear Phishing scams, the imposter personalises their attack email, using the target’s name, company, work number and other information.

The information used can be taken of the target’s social media pages, such as LinkedIn. This information is used to make the email more realistic.

Similar to deceptive phishing, a link or attachment is used to lure information from the victim.

How to prevent Spear Phishing

To prevent Spear Phishing, it’s advisable to:

Not post any sensitive or personal information on your social media pages.
Pay close attention to emails for URL links that look suspicious.
Pay close attention to emails for spelling, grammar and punctuation mistakes.

CEO Fraud

CEO Fraud involves attackers using email addresses similar to that of an authority figure to request payments or data from others within the company.

The aim of CEO Fraud is to get the target to transfer a payment directly to the attacker.

How to prevent CEO Fraud

To prevent CEO Fraud, it’s important that:

Organisations are continuously making sure that employees are undertaking security awareness training.
Organisations are checking that no employees can approve financial transactions over email.

For further information on Phishing and Cyber Security

See our Cyber Security Page.

See our YouTube videos.

Or feel free to contact us!

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	16 years 3 months 23 days 8 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.