Phishing, Vishing, Whaling... What does it all mean?

Email Phishing

The most common type.

Usually, scammers pretend your email account was compromised. They’ll send a link to update your password and then take over your email account, often sending a group message with malware or a link to your contact list.

Red flags: Mispelled business names in the email address, addresses that don't end in .uk or .com, grammatical errors, spelling mistakes, or a generally unprofessional-looking email where graphics seem just a little bit ‘off’.

Smishing

These are carried out purely by text message (SMS).

Fraudsters pretend to be the Government, banks, even postal delivery services. They ask you to head to a link and provide personal details.

Proofpoint reports that smishing grew by 700% in the first half of 2021 compared to the last half of 2020.

Red flags: Scammers capitalize on urgency and fear. 'Click now' or risk missing out on something. Reputable sources normally issue several reminders and the tone, while urgent, does not feel pushy.

Spear phishing

Phishing that targets a specific individual, group, or organisation via email or electronic message, much like a spear aimed at a bottom feeder or fish.

These cybercriminals tailor their messages and landing pages to issues that are relevant to a person’s career or lifestyle. Even high-ranking targets within organisations, like top executives, can find themselves opening emails they thought were perfectly safe. This enables attack networks within an organisation. Sneaky, isn’t it?

Red flags: Email addresses that look similar to reputable ones, but just a bit off. Invites for external meetings you don't recall hearing about. When in doubt, ask your IT or Cybercrime department to investigate.

Vishing

The classic phone call.

Scammers demand urgent information from you, posing as a bank, a debt collection company pressing for unpaid bills, a tech company stating your laptop has a virus...

Red flags: The message can sound robotic, not speak English fluently, or the call quality can be poor. Again, reputable companies will issue plenty of official warnings to get in touch with you. Don't fall for it.

Whaling

Scams target CEOs, CFOs, or other important figures.

More advanced than spear fishers, these scammers use LinkedIn and other professional networks to find out as much as possible about a target and customize messages to attract them. They can claim your business is in financial trouble and you need to act fast.

Red flags: Along with death and taxes, phishing is one of the few certainties in life. We've all been there, regardless of our position in a company. If anything external looks urgent, it's probably a scam. Who would contact you without going through the proper channels? Forward it to IT; they will research and blacklist it.  

For the past eleven years, we’ve been named one of the Top 20 IT Training Companies in the World. We offer more than 400 accelerated courses to help you stay savvy, including Cybersecurity Analyst, Coder, and Manager. Perhaps one of them is right for you? Get in touch.