Phishing Attacks: Could Your Financial Institution be the Next Bait?

By Krystal Rennie / Adlumin, Inc.

Have you ever received an email informing you that you’ve won an all-expenses-paid trip to the Bahamas, in a raffle that you never entered? If so, you have been exposed to the most popular and dangerous type of cyberattack: phishing. In today’s online world, cyberattacks are becoming a new normal. Traditional shopping, banking and data-keeping practices have made a complete switch from in person to online. This has made the stakes for maintaining and protecting privacy even higher.

In a blog post published by Forcepoint, phishing attacks are defined as, “the fraudulent use of electronic communications to deceive and take advantage of users. Phishing attacks attempt to gain sensitive, confidential information such as usernames, passwords, credit card information, network credentials, and more.” Now that you have a little background on what phishing attacks are, let’s take things a step further and figure out what these attacks look like and how they can deeply affect and/or harm your business.

Five Most Common Types of Phishing Attacks

While they are not the hardest concept to grasp, phishing attacks have many layers to them. According to a MetaCompliance article, “research has found that 91% of all cyberattacks start with a phishing email.” However, it’s not that simple — phishing is just the umbrella term, and there are many different types of attacks that fall underneath.

Below are the five common types of phishing attacks according to the article:

  1. Spear Phishing: This type of attack is a targeted attack that focuses more on stealing sensitive data from an individual or specific organization. Personal information that is specific to the target individual or company is used in order to seem more legitimate.
  2. Vishing: This type of attack refers to “phishing scams that take place over the phone. It has the most human interaction of all the phishing attacks but follows the same pattern of deception. The fraudsters will often create a sense of urgency to convince a victim to divulge sensitive information.” These calls are usually made using a normal ID to make it seem like it is safe to answer. As an example, a hacker could pose as a representative at your bank or credit union and call to alert you that there has been questionable activity on your account. Once they’ve gained your trust, the hacker will ask for your personal account information and can use that information to commit identity fraud.
  3. Whaling: This type of attack goes after high-level targets; it is an attempt to steal and misuse the private, personal information of senior management at a company or organization. Whaling occurs in the form of emails that are more sophisticated than ordinary phishing emails and are often harder to recognize due to their use of elite corporate language. The email will include personalized information about the target and/or organization.
  4. Smishing: This type of attack is unique in comparison to its counterparts as it uses SMS text to try and obtain personal information like credit card numbers, passwords and more. The text message usually includes a call-to-action demanding an immediate response or reaction.
  5. Clone Phishing: The last type of attack involves “legitimate and previously delivered email, [which] is used to create an identical email with malicious content. The cloned email will appear to come from the original sender but will be an updated version that contains malicious links or attachments.”

Consequences of a Successful Attack

Although the types of phishing attacks vary when it comes to risk levels, one thing that they all have in common is the power to damage a business. Below are a few possible results of a successful phishing attack: 

  - Unauthorized Transactions
  - Password & Username Manipulation
  - Account Takeovers
  - Identity Theft
  - Credit Card Theft
  - Stolen Data
  - Stolen Funds
  - Sensitive Data Sold to Third Parties

These are just a few examples of what could possibly become compromised when these types of attacks take place. It is very important that companies invest in the proper risk management tools and programs to help protect sensitive information.

Be Proactive, Not Reactive

As further stated in the MetaCompliance article, “research from Cisco found that 22% of breached organisations lost customers in the immediate aftermath of an attack, demonstrating just how seriously consumers take the security of their data.” We know that both individuals and corporations are equally at risk for experiencing phishing attacks, but we should also remember that these attacks could harm other areas like social media accounts, brand reputation and relationships with customers.

As phishing attacks become harder to detect, investing in tools like security automation platforms and anti-virus software will be the main differentiators between strong risk management plans and weak ones. The truth is, the future of phishing attacks depends on many factors. Every day cybercriminals are discovering new ways to “step-up their game” and have become more sophisticated with their attacks. With that being said, it is up to the rest of us to find new ways to combat their tactics. At the end of the day, there is too much at stake (and too much to lose) if we all do not make the shift from reactive to proactive.

For more information, check out Adlumin’s “Tips for How to Spot a Phishing Attack (PDF)”.