Email has replaced older kinds of communication, such as the written letter, fax or telegram, as the primary vehicle for commercial communication. It is a powerful technology that has transformed the way we do business. However, this utility comes at a cost. Email is also one of the most easily exploited ways for nefarious individuals to carry out fraudulent activities by misrepresenting themselves in some way.
Top of the list of this kind of illegal email use is what has come to be known as a phishing attack. This is, in effect, the digital equivalent of a confidence trick: fooling somebody into providing the conman with something by successfully making them believe they are responding to a legitimate email.
Types of Phishing Attacks
Phishing is a commonplace fraudulent activity; millions of phishing emails are sent every day. But just like any type of technology and the way it is used, phishing has evolved, and now comes in several different flavors, including:
Phishing – this is the very basic form of this kind of fraudulent activity. The perpetrator will send a mass mailing to potentially thousands of email recipients. The email being sent will falsely represent some type of large company such as a bank or payment gateway. It will contain a message outlining some kind of security vulnerability or account issue that needs to be fixed. To make that fix, the message says, the recipient’s login details, bank details or some similar type of private information are needed. Once the reply has been received, the person sending the email is able to use this data, for example by logging into an online banking site and transferring funds to their own account.
Spear phishing – this is an evolution of the basic phishing method. Instead of sending out a mass mailing of a generic email in the hopes of a small percentage of the recipients being fooled, the perpetrator crafts a personalized email to a single individual. The idea here is that the extra effort it takes to target a single person in this way is rewarded by a much higher percentage of people falling for the con. In extreme cases, the initial spear phishing email could be followed up by a full email conversation, with multiple emails being sent each way, before the target finally hands over the private data that the fraudster is after.
Whaling – where phishing targets masses of people, and spear phishing targets just one person, whaling is a little different. Like spear phishing, it will target a single person. However, in this case, the person targeted will be a senior executive or high-level manager within a business. The aim of the whaling email is to extract some business-critical information from the recipient that can be used for monetary gain. Most commonly, a whaling email will emulate an official document from a heavyweight source such as a government body or a law firm.
Phishing Can Damage Your Business
If your company is being used as a source of authority for phishing attacks, then it is vital that the problem is addressed as quickly as possible. Ongoing use of a company name or brand as phishing bait can have a detrimental effect upon brand image, and thus have a negative effect on the bottom line.