Types of Phishing Attacks

Explore common phishing attack methods such as stolen credentials, social engineering, malware delivery, and cross-site request forgery. Understand how these attacks compromise accounts and how attackers operate to better defend against phishing threats.

Phishers don’t need to trick everyone they email in order to be successful. They generally cast a wide net and count on someone to have an off day and go along with the attack. Duo’s “The Trouble With Phishing” states that 17% of people who receive phishing emails enter their credentials into phishing sites. Put another way, on average, a phisher with just six email addresses can expect to trick one of the account owners into revealing their login credentials.

It’s just an email. What’s the worst that could happen? Let’s take a look at the most common types of phishing attacks.

Phished credentials

By far, the most common phishing attack is to steal login credentials. Generally, this is done by setting up a malicious website that looks the same as the login screen for Gmail, Outlook 365, Dropbox, or another popular website.

The phisher then sends a phishing email to the intended victim. The phishing email will contain a link to the malicious website as part of a message that claims that it’s important for the recipient to click on the link and log in. If the phisher is “lucky,” Pavlovian conditioning will kick in when the user sees what appears to be a familiar login screen and the user will submit their credentials to the malicious website.
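On the defensive side, the pattern just described (a link that names a familiar service but leads to a different site) can be checked mechanically. The following is an added example, not part of the original lesson; the allowlist of login hosts, the function and class names, and the sample message are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist (constructed for this example): brand keyword -> hosts that
# legitimately serve that brand's login page. Maintain your own list in practice.
LOGIN_HOSTS = {
    "gmail": {"accounts.google.com", "mail.google.com"},
    "outlook": {"login.microsoftonline.com", "outlook.office.com"},
    "dropbox": {"www.dropbox.com", "dropbox.com"},
}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def brand_mismatches(html_body):
    """Return (href, brand) for links that name a brand but point to another host."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        # The brand may appear in the link text or be embedded in the hostname itself.
        haystack = f"{text} {host}".lower()
        for brand, hosts in LOGIN_HOSTS.items():
            if brand in haystack and host not in hosts:
                findings.append((href, brand))
                break
    return findings

# Constructed sample message body; the .example hosts are placeholders.
SAMPLE_EMAIL_HTML = """
<a href="https://accounts.google.com.login-verify.example/signin">Sign in to Gmail</a>
<a href="https://www.dropbox.com/login">Open Dropbox</a>
<a href="http://outlook-365.example/owa">Outlook Web Access</a>
<a href="https://intranet.example/news">Company news</a>
"""
```

Calling `brand_mismatches(SAMPLE_EMAIL_HTML)` flags the first and third links. The comparison uses the exact hostname, so a real domain placed at the front of a longer attacker-controlled hostname does not pass.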

Stolen credentials can be quite damaging. A phisher who has taken over an email account can probably trigger password resets for most of the other online services associated ...