2. SPEAR PHISHING

In this type of scamming technique, scammers tend to perform extensive research about their victim's sensitive information, their background, Life, or the people they routinely interact with etc. This is so they can craft a more personal and real message.

This is why it is very important to keep your personal life away from social media like facebook etc. Or share your personal life with people that you don’t really know. This can pose a major security threat to you. and most  facebook accounts have been hacked just by the use of this technique.

And because the message looks so real and personal; users don’t often suspect that they are about to get hacked. Always check the email address and format of the letter against what you’d normally receive from that contact or company. It’s also best to call the sender and verify everything before downloading a file attachment or clicking links even if it seems like it's from someone you know.

3. WHALING

This is another sophisticated and advanced type of phishing attack, only this one targets one specific group of people, high-profile business executives like managers or CEOs. They would sometimes address the target directly in the salutation and the message could be in the form of a subpoena, a legal complaint, or something that requires urgent action to avoid bankruptcy, getting fired, or legal fees. Attackers would spend a lot of time doing extensive research about the person and crafting a specialized message to target key people in an organization who would normally have access to funds or sensitive information.

The target will be sent links to a convincing login page where access codes or login information will be harvested by hackers. Some cybercriminals would also ask victims to download an attachment to supposedly view the rest of the subpoena or letter. These attachments come with malware that can gain access to the computer or mobile phone.

4. VISHING (VISHING OR VOICE PHISHING TARGET)

Vishing or voice phishing is a type of phishing but instead of sending an email, attackers will try to get login information or banking details over the phone (so many people are still victims of this very common technique).

Attackers will impersonate staff from an organization or support personnel from a service company then play on emotions to ask victims to hand over bank or credit card details. The message could sometimes be about an overdue amount like taxes, contest winnings, or be from a fake tech support personnel requesting remote access to a computer. They might also use a pre-recorded message and phone number spoofing, making an overseas call seem as if it is local. This is done to lend credibility to the attack and make victims believe that the call is legitimate.

Please never give out sensitive information like login details, social security numbers, or bank and credit card details over the phone. Hang up and call your bank or service provider immediately instead.

5. SMISHING

Smishing is any form of phishing that involves the use of text/SMS messages, WhatsApp messages or any form of messaging software. Scammers will try to lure you into clicking a link sent with these messaging applications that will lead you to a fake site. You will be told to type in sensitive information like your credit card details, phone number, Full Name, BVN etc. Hackers will then harvest this information from the redirected malicious site.

They would sometimes tell you that you've won a prize, you have been chosen to get federal relieve trust fund, palliative etc. They can also say that if you don't type in your information you will miss out on a promo and continue to be charged for a particular service. As a general rule, you should avoid replying to texts from numbers you don't recognize. Or clicking links that were shortened e.g: https://bitlyryhhfk. 90% of Legitimate Company will never shortened their URL link.

Also, avoid clicking links you get from text messages especially if you do not know the source. Or if the link is shortened.

Hackers Shorten URL links so that you will have no clue about the actual Link the URL will finally point to. 

Example, Scammers may design a website that will look exactly as https://nibss.plc.com.ng and give it a domain name like https://nibsss.plc.com.ng which would be shortened to https://bitlyhDJFxcgr to fool their victims. When the site opens, the URL link will be translated to https://nibsss.plc.com.ng (take note of the tripple s instead of double s) and the user will think that he has been redirected to a legitimate link. and any Sensitive information like BVN the user enters will immediately get harvested by the scammers. It is also worthwhile to mention that currently, fraudsters can comfortably and effortlessly use their victims BVN to withdraw money from their bank account. So guard your personal information judiciously.   

6. ANGLER PHISHING

This is a relatively new phishing tactic that uses social media to lure people into sharing sensitive information. Scammers monitor people who post about banking and other services on social media. They then pretend to be a customer service representative from that company. For instance, if you post a rant about a delayed deposit or some bad bank service and the post includes the name of your bank. A cybercriminal will use this information to pretend that they are from the bank and then reach out to you to try to social Engineer you. You will then be asked to click on a link so you can talk to a customer service representative and then they will ask you for information to ‘verify your identity.

When you receive a message like this, it’s always best to contact a customer service representative through safe channels like the official Twitter, facebook or Instagram pages. Or preferably visiting the company. 

6. SEARCH ENGINE PHISHING

This is one of the newest types of attacks that uses legitimate search engines like google. Scammers will create a bogus and good looking website offering deals, free items and discounts on products (Like selling apple phones for $5), and even fake job offers. They will then use search engine like google to have their sites indexed by legitimate sites like Apple.com. So when you search for something, the search engine will show you results that include these fake sites. You will then be duped into logging in or providing sensitive information that is then harvested by cybercriminals.

You need to also understand that attackers sometimes use their victims fear and panic to get them to do what they want. So when you are faced with a threat; it is important to calm down so you can think.