Top 5 Phishing Scams

Phishing has been around for a long time and has always proved an effective way to con people out of money and steal personal information. However, as our technological landscape has evolved, the phishing scams that we are seeing have become increasingly advanced and deceptive.

The attackers have honed their skills and adapted their scams to con as many people as they can across a range of different platforms. Kaspersky Lab noted a 59% increase in phishing attacks in 2017, and this figure is only expected to rise. The simple reason is that phishing works.

Its low cost and high return on investment have made it a very lucrative way to defraud people. Despite a greater general knowledge about phishing, millions are still falling for phishing scams on a daily basis.

The best way to avoid falling for a phishing scam is to know what they look like and what methods are used to target victims. Below are some of the most commonly used phishing scams that target users across the world:

Top Phishing Scams

1. Deceptive Phishing

Deceptive Phishing is the most frequently used type of phishing scam. The aim of each phishing attack is to trick a victim into disclosing confidential information and it’s typically carried out by impersonating a legitimate company or reputable source. These phishing emails often create a sense of urgency, so the user feels compelled to reply to the email as soon as possible.

In recent years, phishing scams have become increasingly sophisticated and difficult to spot. Spelling mistakes and grammatical errors often alert users to the presence of a phishing scam, but today’s phishing emails are well crafted and often difficult to distinguish from the real deal.

Deceptive phishing emails take many different forms, but most will try to trick a user into resolving an account issue, such as updating payment information or preventing the closure of an account, by clicking on a link. As soon as a victim clicks on a link, they are often directed to an almost identical fake site that will steal their personal and financial information.

Deceptive phishing attacks often imitate big brand companies such as PayPal, Netflix, Apple and Amazon, as there is a higher chance of more people falling for the scam. Users should always be wary of emails with a generic greeting, urgent and threatening language, spelling mistakes, a mismatched URL, or requests for personal information.
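As an added example (not part of the original article), the following Python code checks an HTML email body for three of the warning signs listed above: a generic greeting, urgent language and a mismatched URL, where the link text names one site but the link itself points to another. The phrase lists, function names and sample messages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrase lists are illustrative assumptions, not taken from the article.
GREETING = re.compile(r"\bdear (customer|user|member|client|account holder)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|suspended|final notice|within 24 hours)\b", re.I)
TEXT_CHECKS = (("generic_greeting", GREETING), ("urgent_language", URGENCY))
DOMAIN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs and all text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def same_site(shown, actual):
    """True when the real host is the displayed host or one of its subdomains."""
    shown, actual = (re.sub(r"^www\.", "", h.lower()) for h in (shown, actual))
    return actual == shown or actual.endswith("." + shown)

def phishing_indicators(html_body):
    """Return the sorted names of the indicators found in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    found = {name for name, rx in TEXT_CHECKS if rx.search(" ".join(parser.text))}
    for href, label in parser.links:
        shown, actual = DOMAIN.search(label), urlparse(href).hostname or ""
        if shown and actual and not same_site(shown.group(1), actual):
            found.add("mismatched_url")  # link text names one site, href goes to another
    return sorted(found)

# Constructed samples using reserved example domains.
PHISH = ('<p>Dear customer, your account will be suspended unless you confirm '
         'your payment details immediately.</p><a href="http://bank.example.'
         'account-verify.test/login">https://www.bank.example/login</a>')
LEGIT = ('<p>Hi Alice, your March statement is ready.</p>'
         '<a href="https://www.bank.example/statements">www.bank.example/statements</a>')
```

Calling `phishing_indicators(PHISH)` reports all three indicators, while `phishing_indicators(LEGIT)` reports none. Link text that contains no domain, such as "Click here", is not compared.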

2. Spear Phishing

Some of the biggest cyber-attacks in recent years have started with a single spear phishing email. Spear Phishing is a more targeted attempt to steal sensitive information and typically focuses on a specific individual or organisation. A lot more thought and time will go into the crafting of a spear phishing attack, and the fraudsters will try to find out as much information as they can about their victim to make the emails appear as legitimate and convincing as possible.

They will often turn to company websites and social media to research their victims, and once they have a better understanding of their target, they will start to send personalised emails designed to trick their victim into divulging sensitive information.

Spear Phishing attacks can take many different forms. Some will try to get a victim to click on a link that downloads malware, others may request login details, and others may direct the victim to a site that contains advertisements or keylogging software.

Traditional security measures can prove totally ineffective at detecting spear phishing emails, so it’s vital that users remain vigilant to this attack method and double-check the validity of any emails they believe to be suspicious.

3. Social Media Phishing

There has been a steep increase in the number of phishing scams carried out on social media. A recent report from RiskIQ found a 100% increase in phishing attacks taking place across social media platforms. Social Media Phishing is when attackers use social media sites such as Facebook, LinkedIn or Twitter to trick users into clicking on malicious links or revealing personal information.

Social Media sites are proving to be a lucrative hunting ground for attackers as they can find a wealth of information about potential victims before launching a targeted attack. Users will also tend to be more trusting and less suspicious about links within messages on social media, leaving them more vulnerable to attack.

With consumers increasingly interacting with brands through their social media channels, fraudsters have been quick to take advantage of this online relationship to launch fake accounts impersonating major brands. Research indicates that 19% of social media accounts appearing to represent top brands were fake.

For increased protection against social media phishing scams, users should always use enhanced privacy settings, avoid clicking on suspicious links, never accept friend requests from people they are not familiar with, and be careful about sharing too much personal information.

Image: Fake Facebook link (Source: TrendMicro)

4. Malware Based Phishing

Cybercriminals use a range of phishing attacks to steal personal and financial information, and malware-based phishing has proved an extremely effective way to target victims and launch large scale cyber-attacks.

Malware-based phishing is when an attacker sends an email attachment or downloadable file that, once clicked, will infect a computer with a virus, ransomware or other malicious programs. This is exactly what happened in the infamous WannaCry attack that affected more than 200,000 victims in 150 countries after their computers were infected with malicious software.

5. File Sharing Scams

File Sharing services such as Google Docs and Dropbox have become a very effective way to target users with phishing scams. The sites are frequently used by businesses, so they tend not to get blocked and are in turn used as bait in phishing attacks.

In 2017, around one million Google Docs users got hit with a phishing scam that stole their personal details after they clicked on a phishing link. Victims received an email saying: “xxx has shared a document on Google Docs with you”, which in turn led users to a fake Google login page. The scam appeared entirely legitimate as it was hosted on Google’s servers, but as soon as users entered their password, they were redirected through to a malicious third-party site.

It cannot be stressed enough that users should always be extra vigilant about clicking on links and downloading attachments from unknown sources. Two-factor authentication can also be used to provide an extra layer of defence in protecting the security of online accounts.

Despite the increasing sophistication of phishing scams, there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. Get in touch for further information on how we can help your business.