One of the most common ways scammers steal your sensitive information online is by employing a technique known as “phishing.”
You may have heard this term before, but do you know what all the different types of phishing scams are? Keep reading to find out what phishing scams are most common in 2021, so you can be on the lookout and avoid falling victim to a phishing attack.
What is a phishing scam?
Phishing scam definition:
“The practice of using fraudulent e-mails and copies of legitimate websites to extract financial data from computer users for purposes of identity theft.”
What are phishing scams trying to do?
Though their techniques can vary, all phishing scams have one thing in common: they’re trying to trick you into giving up or letting them steal sensitive information, such as account logins/passwords, bank account/credit card numbers, PINs, social security numbers, etc.
They often do this by soliciting information from you via email or on fake sites, or by getting you to click on a link or download an attachment that installs malware onto your device to log your personal data.
Phishing scams can target anyone who has an email, but scammers particularly like to target employees of medium- to large-sized businesses and organizations.
6 Common Phishing Scams in 2022 + Examples
1. Spear Phishing
Spear phishing is a highly targeted form of phishing attack in which a scammer uses data they have already collected about you, your employer, or someone you know to create a sense of urgency.
Standard email phishing scams may send out hundreds or thousands of generic emails (like casting a fishing net) to try and get someone to bite and fall for the scam. In comparison, spear phishing attacks choose specific victims to target.
This allows scammers to personalize emails, which can trick you into letting your guard down because you might think you know the sender or have some connection to them.
Spear Phishing Example:
One spear phishing campaign was targeted at Sony employees, whose names and titles scammers looked up on LinkedIn.
Once the scammers had this information, they sent personalized emails to the employees that appeared to come from Apple and asked them to verify their Apple ID credentials.
This is just one example of an Apple phishing scam, as phishers often try to make emails appear to be from big, reputable companies.
2. Whaling
Whaling is similar to spear phishing, but it is even more targeted. Instead of going after many employees of the same company, scammers will try to target senior members, or “big fish,” of a company to steal their data.
Whaling attempts usually try to create a fake sense of urgency to get an executive to click a link or download something that installs malware on the company’s network. This malware then works in various ways to steal money from the company.
Whaling Example:
In 2015 a top finance executive at Mattel, the global toy giant, received an email regarding the transfer of $3 million to a bank in China.
The email allegedly already had the signature of Mattel’s CEO on it and the finance executive never suspected a thing. They approved the transfer only to find out that it was a scam after discussing it with the CEO.
3. Vishing
Vishing is short for “voice phishing.” These phishing scams use voice phone calls or voicemails to trick their victims into giving up sensitive information.
The scammers often pretend to be from a large organization, such as your bank or a government office, and try to get you to provide them with information like your credit card number or social security number.
Vishing Example:
There was an Amazon phishing scam that employed the vishing technique. The scammers started by sending an email notifying the recipient that an order for something expensive had been placed through their Amazon account and asking them to confirm it by calling a number.
Naturally, there was no order, so many panicked recipients called the number to find out what was going on, which is where the vishing came in.
Whenever a target called the fake number, someone on the other end of the line pretended to be from Amazon’s customer service team and asked them for information including their name and credit card number to supposedly look up the order.
4. CEO Fraud
CEO fraud is similar to whaling, but the scammers pretend to actually be the CEO or another high-ranking member of their victim’s company.
They then try to trick their target into transferring company funds, updating payroll information, or installing a new app (i.e. malware) on their company computer.
CEO Fraud Example:
In 2016 an upper-level employee at Snapchat received an email that they thought was from the CEO. The scammers were eventually able to dupe the employee into providing sensitive payroll information.
5. Clone Phishing
Clone phishing is a type of email phishing scam that copies, or clones, real emails from reputable companies.
The scammers then replace or add links and attachments with malicious ones that are meant to install spyware on your device before resending the email.
They usually preface the email by saying there was a problem with the links or attachments in the original email to try and get you to click on or download them.
Clone Phishing Example:
There have been other Amazon phishing scams that employed the clone phishing technique. These emails look just like legit Amazon emails informing users that they have earned some kind of reward or discount on their Prime account, but they include malicious links.
6. Search Engine Phishing
Search engine phishing is when scammers create websites that appear legitimate and get them to appear organically in search results on major search engines, like Google.
In some cases, these web pages may even attempt to look like they are part of a popular shopping site, such as eBay.
These sites often feature enticing shopping deals or other offers that prompt you to create an account and enter your personal information when you click on them.
Search Engine Phishing Example:
Say you’re browsing Google looking for deals on art supplies, and you see a link offering a great price for paint brushes. The link takes you to what looks like an Amazon login page, and you think “oh, great, I have an Amazon account!”
You then enter your username and password, only to find that it doesn’t actually take you to your Amazon account. This is just one example of how search engine phishing scams can work.
How to prevent phishing scams:
- Always double-check the URLs of sites
- Make sure the domains that emails are sent from are legit
- Protect your computer with anti-malware software
- Update your mobile devices regularly
- Protect accounts with multi-factor authentication
- Back up your data in the cloud or on an external hard drive
- Learn how to spot phishing emails