Phishing Explained

The term which type of phishing technique involves sending text messages to a potential victim’s smartphone typically refers to attacks that arrive via email. In the simplest form, attackers use mass-market tactics such as sending an email that looks like a message from a major bank, convincing victims to click on a link and hand over their password and other sensitive information. This information can then be used to steal money, infect devices with ransomware or, at the very least, gain entry into an account.

Streamlining Security for SMEs: Exploring the Top Password Managers Tailored for Small Businesses

More advanced phishing attacks involve targeted social engineering that targets specific individuals and businesses. For example, a spear phisher might research the names of employees within an enterprise and then send an email posing as a department head. This attacker would then request access to internal documents such as project invoices. The email might even include a fake version of the company?s logo to make the document appear more legitimate. A sophisticated variant of this is whale phishing (or whaling), which is designed to target CEOs and other high-value individuals.

Attackers also deploy techniques such as smishing, which leverages malicious text messages to trick users into accessing malware on their mobile devices; vishing, where attackers leave voicemails urging the victim to call a number and hand over their personal information; and pharming, which involves redirecting users from legitimate websites to phishing sites that can collect data. In addition, attackers can employ man-in-the-middle exploits to hijack a victim?s connection to free Wi-Fi in a so-called evil twin attack.