6 Popular Phishing Techniques: What You Need to Know

By Krystal Rennie / Adlumin, Inc.

In our previous blog post, we provided a 360-degree view of phishing attacks. Specifically, we took a closer look at different types of attacks – all with varying severity levels – and the dangerous and harmful consequences at risk when they are successful. In this post, we will expand upon our initial post, focusing on the methodology behind phishing.

If you have access to common accounts (e.g. email, phone, and/or social media), you have most likely been exposed to a phishing attempt. Phishing attacks are increasing in popularity and cybercriminals are finding new creative ways to successfully further their theft agendas. With that being said, the question on everyone’s mind is: where do these phishing messages come from? For starters, Phishing.org highlighted popular phishing techniques, which we have briefly outlined for you below.

Email

This technique is the most common, and often occurs when cybercriminals send emails with phishing URLs to try and obtain sensitive user information. According to a Forcepoint article, “an email may present with links that spoof legitimate URLs; manipulated links may feature subtle misspellings or use of a subdomain.” Once access is granted through these links, cybercriminals are able to successfully launch an attack.

SMS / Text Messages

This technique is used by cybercriminals to send targeted text messages in an effort to trick these individuals into disclosing personal information. This is executed through a malicious link that redirects users to a phishing website and exposes their personal information to the attacker.

Web-Based Forgery

This is one of the most sophisticated phishing techniques used by cybercriminals. According to the Phishing.org article, this technique is “also known as ‘man-in-the-middle,’ [where] the hacker is located in between the original website and the phishing system. The phisher traces details during a transaction between [a] legitimate website and the user. As the user continues to pass information, it is gathered by the phishers, without the user knowing about it.”

Malvertising

This technique involves malicious advertising including active scripts that have been created to download malware or force undesired content into victims’ networks. The most common and popular methods of malvertising includes Adobe PDFs and Flash. If you have seen these types of advertisements pop up on your browser, it is best to just steer clear.

Content Injection

This technique occurs when a cybercriminal alters a portion of content that is hosted on a reliable website. This misleads the user, and instead, redirects them away from the original destination to an external (and potentially malicious) landing page. Once they land on that redirected page, they will be asked to enter personal information.

Keyloggers

This technique incorporates malware, which is used to recognize input from a user’s keyboard. Information that is collected will be sent to cybercriminals working to decipher passwords and gain access to other types of personal information.

To learn more about how you can avoid taking the bait, download our “Tips for How to Spot a Phishing Attack (PDF).”