MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Phishing Terminology You Need To Know

There has been a significant and constant rise in phishing attacks. They are becoming more effective and they are continuing to target more people. 

 that almost 30% of the people targeted by phishing email scams went on to open the email, and a further 13% went on to open the subsequent link, which is high considering any percentage is too high.  

No one is safe. Data breaches and data leaks have affected retailers, banks, US internal revenue service and universities, all off the back of phishing attacks. 

The term “phishing” is basically a hacker’s phrase for conning an online user, usually through email, with the aim of tricking them into revealing valuable information such as passwords, account numbers etc, or even downloading malware onto their PC. In other words, an online robbery. 

Check out our ultimate guide to phishing

These attacks are usually email-orientated on the basis of how easy it is for the scammers to impersonate other individuals, with fake return addresses included. There are four main kinds of phishing attacks:

  • Phishing 

This is an attempt to gain access to information, the likes of usernames, passwords and credit card details, by pretending to be someone you’re not, and hiding as a trusting entity through email. 

  • Spear Phishing  

Spear phishing is similar only as it is specifically directed at individuals or specific companies. Like hunters, they sought out their prey and they attack with accuracy. This technique of phishing is by far the most successful scam on the Internet today, as it makes up 91% of online attacks. 

  • Clone Phishing  

This is a phishing attack where, a formerly legitimate email containing links, has been taken and used to create an identical fraudulent email. Replacing the original link with a new malicious link, this is then sent from a fake email address, in an attempt to appear to come from the original email address.  

  • Whaling  

Whaling are the kind of attacks that are aimed at higher end personnel within companies, the likes of senior executives CEOs and CIOs. In this instance, the masquerading email usually takes the form of a customer complaint or an employee issue, in order to gain their attention. People in this position usually tend to have more valuable information and more financial power. 

Conclusion

Overall, phishing attacks produce two main victims. For example, the person who is being attacked and the company who is being impersonated. Essentially, if you were to receive an email that appears to be from your university, and it asks you to freely give up passwords and personal information – you have become a victim of fraud. Furthermore, the reputation of the university has been compromised and you are less likely to trust any genuine emails from your university from here on in.  

Phishing attacks are very real and they are only going to become a bigger threat, so remember to be vigilant and educate yourself and your organisation on the subject. 

Organisations can protect themselves against these types of phishing attacks by making sure that all of their employees are trained to watch out for suspicious activity. 

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

Social Engineering

Social Engineering: Hacking the Human

Social engineering is nothing new. Way before computers entered our lives, human beings were being scammed using psychological tricks. Back in 1947, a book entitled “Illustrated
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations
  • This field is for validation purposes and should be left unchanged.