Four Most Common Phishing Attacks: Email, Phone Call, Text Message and USB Baiting

What is Phishing?

A type of fraud in which emails pretending to be from reputable companies attempt to trick victims into providing personal data, such as passwords and credit card numbers. 2015 McAfee survey found that 97% of consumers were unable to correctly identify phishing emails.

Phishing Attacks
Phishing Attacks

E-mail Phishing

Fake emails that appear trustworthy with the goal of extracting personal data for monetary gains. Phishing scams often include attachments that load malware onto a computer or links to illegitimate websites that can trick the victim into handing over personal data.

  • 91% of advanced cyber-attacks begin with email.
  • 50% of recipients open emails and click on phishing links.
Email Phishing Attack
Email Phishing Attack

Phone Call (Vishing)

The telephone equivalent of phishing. Cyber criminals use recorded phone messages to scam victims into surrendering private information such as social security numbers and bank details.

  • TIp: Never answer an unknown number and never give personal information over the phone.
  • Vishing has caused a global loss of $46.3 billion per year.

Text Message (SMShing)

The act of using text messages (SMS) to lure victims into downloading mobile malware, visiting a malicious website, or calling a fraudulent phone number. SMShing messages are usually crafted to elicit an immediate action, requesting personal information and private account details.

  • Tip: Do not attempt to reply to the message or click any links. Delete the message and block the sender’s number.
  • A Pew Research survey found that 32% of smartphone users install antivirus software on their devices.

USB Baiting

In a (USB) phishing strike, cyber criminals leave USB devices for people to find and plug into their computers in hopes to find its rightful owners. Compromised USB drives can be used to inject malicious code, redirect you to phishing websites, or give a hacker access to your computer.

  • Tip: Always resist the temptation to pop a “found” USB stick into your computer just to see what’s on it. Instead, turn it into the IT Department.
  • The average cost of a phishing attack for a mid-size organization: $1.6 million.

Source: Inspired eLearning: Most Common Phishing Attacks Infographic