Lesson 4: Phishing Attacks

Lesson 4 of 6
10 min

What is a Phishing Attack?

A phishing attack is a social engineering attack in which the attacker deceives the victim into revealing personal information. Phishing usually involves some form of impersonation, increasing the chances that a victim will fall for the attack.

Types of Phishing Attacks:

  • Traditional: The most common form of phishing, sent through email
  • Vishing: Voice phishing, phishing over a phone call
  • SMishing: SMS phishing, phishing through text conversations

There are also different types of phishing depending on the target. For example, Spear Phishing is used when targeting an individual. Another example is Whaling, where a high-profile person, such as a CEO, is targeted.

Characteristics of Phishing:

  • Grammar/Spelling mistakes: a legitimate company wants to maintain professionalism, so its senders are unlikely to make these mistakes
  • Unknown sender: this includes people who you have never contacted before or company names that are unfamiliar
  • Suspicious links: the domain or name of the website looks unfamiliar or not legitimate. Never click on these types of links!
  • Suspicious attachments: same deal as the suspicious links. If you are unsure that it is safe, do not click it!
  • Unrealistically good offers: if something seems too good to be true, it probably is. Check for other signs of phishing and refrain from clicking anything phishy.
  • Asking for personal information: unless you know the company or person you are sending it to, never send out your personal information
  • Urgent or threatening tone: this goes back to the principles of social engineering. Attackers use urgency and intimidation to get people to do what they want. Beware of this!
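
The characteristics above can also be checked by a program. The following is an added example, not part of the original lesson: a small Python checker that reports which of these characteristics appear in one email. The function name, keyword lists, file extensions and sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed keyword and extension lists (not from the lesson); tune them for your mail.
CHECKS = {
    "unrealistically good offer": ("you have won", "free gift", "prize"),
    "asks for personal information": ("password", "credit card", "verify your account"),
    "urgent or threatening tone": ("immediately", "suspended", "final notice"),
}
RISKY_EXT = (".exe", ".scr", ".js", ".docm")

def phishing_indicators(raw_email, known_senders):
    """Return the lesson's phishing characteristics found in one raw email."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    found = [] if sender in known_senders else ["unknown sender"]
    parts = list(msg.walk())
    names = [p.get_filename().lower() for p in parts if p.get_filename()]
    texts = [p.get_payload() for p in parts  # plain, unencoded text assumed
             if p.get_content_type() == "text/plain" and not p.get_filename()]
    body = " ".join([msg.get("Subject", "")] + texts).lower()
    # Flag links whose host is neither the sender's domain nor a subdomain of it.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if host != sender_domain and not host.endswith("." + sender_domain):
            found.append("suspicious link: " + host)
    if any(name.endswith(RISKY_EXT) for name in names):
        found.append("suspicious attachment")
    found += [label for label, words in CHECKS.items() if any(w in body for w in words)]
    return found

# Constructed sample message, not a real email; .test is a reserved TLD.
SAMPLE = """From: "Example Bank" <support@examp1e-bank.test>
Subject: Final notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your account will be suspended. Verify your account immediately at http://login.secure-check.test/reset and enter your password.
--b1
Content-Disposition: attachment; filename="invoice.exe"

AAAA
--b1--
"""
```

Calling phishing_indicators(SAMPLE, {"teacher@school.test"}) reports five of the characteristics for the sample message. Spelling mistakes are not checked, because keyword matching cannot judge them reliably.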

In this next activity, we are going to use these characteristics of phishing to see if you can identify phishing attacks.
