![\"Types](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/06\/Phishing-Types.png\")
<\/p>\n
Let\u2019s run through the different types of phishing attacks and the most common methods hackers are using to perpetuate them in the real world today.<\/p>\n
For more information about phishing please refer to our guide on the topic:<\/p>\n
Further reading<\/span>\u00a0Anti-Phishing Guide<\/a><\/p>\n Whaling is a specific type of spear-phishing that aims to target executive-level employees at major companies. These fraud messages look more professional and warn the recipient of issues with their technology accounts. If the upper-level person divulges a password or piece of critical information, it can put the entire operation at risk.<\/p>\n Further reading<\/span> How to Prevent Spear Phishing Attacks<\/a><\/p>\n Further reading<\/span>\u00a0Clone Phishing Explained<\/a><\/p>\n Check out these marketing templates that we created to help MSPs sell Microsoft 365 as a managed service:\u00a0<\/span><\/strong><\/p>\n Download a set of free white-label templates designed to help MSPs sell Microsoft 365 as a managed service.<\/p>\n<\/div>\n The most common types of phishing attacks are designed to convince users to click on a malicious link in a fraudulent email. It may redirect the person to a rogue website that will urge the person to divulge a password, credit card number, or other pieces of identifying information.<\/p>\n Phishing emails can be tricky to detect because of link manipulation. Hackers will disguise their malicious URLs inside of an HTML hyperlink that will have a label that looks to be harmless.<\/p>\n The most common tactic in filter evasion is for the hackers to embed links or text within table cells instead of in plain HTML text. This makes it harder for the filter scans to treat the text as a regular string of characters and may allow the message to slip through the cracks.<\/p>\n Links from these types of phishing emails often lead to suspicious websites that will attempt to clone pages from a reputable company, including banks and retailers. The hacker will design their website with forged content that may disguise the URL in the browser or the SSL certificate.<\/p>\n Even if you verify that a link from an email points to the proper URL, it does not mean that clicking on it is safe. Due to a vulnerability known as a covert redirect<\/a>, hackers are able to exploit an authentication method on certain websites and introduce a pop-up window that is capable of stealing your username and password.<\/p>\n The concept of social engineering covers a range of scenarios where a cybercriminal tries to gain your trust in order to steal credentials or other identifying information. Such an attack usually involves psychological manipulation, or even establish real-world relationships built over time that carry over into the online space and result in the victim developing trust of the attacker.<\/p>\n Further reading<\/span>\u00a0Social Engineering Prevention<\/a><\/span><\/p>\n Voice phishing is a newer trend that is spreading across much of the world. During these types of phishing attacks, you receive a series of calls to your mobile or landline phone from a computerized or human source. The attacker will usually pose as a bank or utility company notifying you about an issue with your account. This is a scheme to gain your trust so that you will provide your credit card or social security number over the phone.<\/p>\n Due Diligence:<\/b> Educating yourself on the evolving particulars of different types of phishing threats and staying vigilant are the two primary ways to avoid becoming a victim. Every time you receive an email with a hyperlink, double-check the sender and verify the URL. Laziness or complacency can lead to a costly mistake.<\/p>\n Secure the Connections:<\/b> If you use a public wi-fi network, be even more careful about how you connect online. Lurking near these spots, which are rarely secured, is a favorite bad guy strategy that almost guarantees access to private information. The best way to fight back is by installing a virtual private network (VPN). This service has gained recent popularity as perhaps the best anonymity and security tool at your disposal. Given the rising risk climate, consider a VPN mandatory any time you\u2019re online.Types of\u00a0Phishing<\/b><\/h2>\n
Spear Phishing and Whaling<\/b><\/h3>\n
![\"Types](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/06\/Spear-phishing-and-Whaling.png\")
When a phishing attack bypasses the large, generic group target strategy, and instead pursues a specific person, organization, or company, it becomes classified as spear-phishing. Typically the message will contain the recipient's name or other identifying information to lend a flavor of credibility.<\/p>\nClone Phishing<\/b><\/h3>\n
![\"Types](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/06\/Clone-Phishing-1.png\")
Clone phishing is a subtype of spear-phishing that aims to replicate another email message that the recipient has previously received. For example, if the hacker can determine that a person recently received a shipment tracking email notification, then they may launch a clone phishing attack that sends a fraudulent message tailored to look like the same thing.<\/p>\n![\"MSP's](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2020\/06\/How-to-Sell-Microsoft-365-Backup-Services-4.png\")
<\/div>\n![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/264020e3-ba89-4e4a-842f-f8cf5f33a295.png\")
<\/a><\/span><\/span>\n<\/div>\n<\/div>\nPhishing Methods<\/b><\/h2>\n
Link Manipulation<\/b><\/h3>\n
![\"Types](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/06\/Link-Manipulation-1.png\")
<\/p>\nIf you hover over the hyperlink in your mail application, you will be able to see the true URL hiding.<\/q><\/p>\n
Filter Evasion<\/b><\/h3>\n
![\"Types](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2019\/06\/table-email.png\")
Every top email provider or client application includes a junk mail filter tool that automatically scans incoming messages and flag ones that have a high likelihood of being malicious in nature. Hackers realize this and design their phishing attacks to circumvent the blocks<\/a>.<\/p>\nWebsite Forgery<\/b><\/h3>\n
Covert Redirect<\/b><\/h3>\n
Social Engineering<\/b><\/h3>\n
Voice Phishing<\/b><\/h3>\n
Tips for Protecting Yourself<\/b><\/h2>\n
![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/aa07fdb8-7776-46a5-9fa0-ec6e93f0f0a6.png\")
<\/a><\/span><\/span><\/div>\n
\nHidden Risk in Data Center Downtime: <\/b>You might think breach attempts on your web host servers are their problem, but the reality is that purveyors of malware strains like Venom<\/a> bypass connections and trick your host into going into emergency maintenance mode. During this downtime, malware is introduced that allows a hacker to take over a data center and all the websites stored on servers. It\u2019s the ultimate inside job.<\/p>\n