MailSafi Glossary of Terms
The fraudulent practice of sending emails masquerading as some other person or in order to trick the recipient into revealing personal information such as name, passwords, address, bank details, credit card numbers, and so on.
Types of phishing
• Spear phishing: This is a targeted approach to phishing unlike bulk or group phishing. The attacker gathers information about its target through sources like social media and sends a personalized email that might include information like their full name, company's name, job title, or details of their job role. Gathering information about makes it easier for the attackers to deceive their targets.
• Whaling: Whaling refers to targeting 'big fish'—the senior management in a company. It's difficult for the attackers to lure in senior executives. Therefore, emails drafted for whaling attacks are made to appear as though they are from government offices, courts, or clients.
• Clone phishing: This attack has two levels of compromise. In the first step, the attacker hacks the contents of either the sender's or receiver's emails. In the second step, the attacker replaces the files in the legitimate email with malware and imitates the sender's identity.
• Angler phishing: Social media has become a popular channel for interacting with companies and financial or government institutions. Phishing attacks on social media can be highly targeted as information about user interest is freely available. The attackers share fake tweets, posts, or malicious URLs with their targets on social media, masquerading their true identity. This is called angler phishing. These attacks can be avoided if social media users are cautious enough to identify and interact with verified company accounts only.
• Smishing and Vishing: These phishing attacks are carried out using telephone. Smishing uses a text message whereas vishing uses a voice call as a tool for deception.