Cyber Security Awareness Poster

Phishing is not a one-size-fits-all scam. There are many types of phishing scams. Here are just a few different ways scammers may phish for your information.
Social Engineering – Social engineering is a technique used by individuals or groups to deceive and manipulate others into revealing confidential information, performing specific actions, or providing access to sensitive systems or resources. It exploits human psychology and trust to achieve its objectives rather than relying on technical vulnerabilities. Social engineering attacks can target individuals, organizations, or even entire communities, and they come in various forms. Phishing, one such form, involves sending deceptive emails or messages that appear to come from a trusted source, such as a bank or a reputable organization. These messages often contain urgent requests for personal information, login credentials, or financial data.
Vishing – Vishing, short for “voice phishing,” is a type of social engineering attack that involves using phone calls to trick individuals into revealing sensitive information or performing certain actions. Vishing attacks rely on the manipulation of human psychology and trust, much like other forms of phishing, but they occur over the telephone. Scammers can impersonate loved ones or tech support. They often create a sense of urgency or fear, and they will usually request some type of sensitive information or compensation. It is very easy for scammers to spoof a phone number to make their call seem more legitimate.
Smishing – Smishing, short for “SMS phishing,” is a type of cyberattack that involves the use of text messages (SMS) to trick individuals into revealing sensitive information, clicking on malicious links, or taking harmful actions. Smishing attacks leverage the same principles of social engineering seen in email phishing and vishing (voice phishing), but they occur through text messages. In some cases, smishers may use number spoofing techniques to make it appear as though the text message is coming from a known or local phone number, further increasing the chances of the victim falling for the scam.
Business Email Compromise – Business Email Compromise (BEC) is a sophisticated and targeted cyberattack where scammers use spoofed or compromised email accounts to manipulate employees within an organization into revealing sensitive information or performing fraudulent actions. BEC attacks typically involve a combination of social engineering, deception, and careful planning. BEC attackers often gain access to or compromise email accounts belonging to employees or high-ranking executives within an organization. Alternatively, they can use techniques to spoof email addresses, making it appear as if the email is coming from a trusted source within the organization. To avoid raising suspicion, attackers may use tactics like sending emails during off-hours or holidays when verification is less likely. BEC attacks are financially motivated and can result in significant financial losses and reputational damage. Therefore, organizations must remain vigilant and proactive in their efforts to combat this type of cyber threat.
CEO Fraud – CEO fraud is a specific type of business email compromise where the attacker impersonates the CEO to get employees to send sensitive information or money. If you receive an odd request from your CEO, it is important to verify the request through alternate means of communication.
Whaling – Whaling is a specific type of phishing attack that targets high-profile individuals within an organization, typically senior executives, CEOs, or other top-level management personnel. The term “whaling” is a play on the word “phishing” and is used to describe attacks that aim to catch the “big fish” or “whales” within an organization.
Pop-Up Phishing – Pop-up phishing is a type of cyberattack where malicious pop-up windows or dialogs appear on a user’s screen, often while they are browsing the internet. These pop-ups are designed to deceive and manipulate individuals into taking specific actions that can lead to the theft of sensitive information or the compromise of their computer systems. Attackers create fake pop-up messages that mimic legitimate alerts, warnings, or notifications. These pop-ups can appear on websites, in email messages, or as standalone windows while users are browsing. To resolve the issue presented in the pop-up, users are typically asked to provide personal information such as login credentials, credit card numbers, or social security numbers. This information is then captured by the attackers.
CourseVector grants permission to use this artwork for any non-commercial purpose as long as the CourseVector contact information remains, as is, on any reproduction or use.