Major Types of Phishing Attacks scammers use to fool their victims

Written by: Destiny Idika

Reading time:
Published 3 Years Ago On Thursday, April 8, 2021
Updated 3 Years Ago On Friday, November 12, 2021
941 Views



As a matter of fact, a research conducted by cybersecurity firm Barracuda, phishing has become so rampant that the number of phishing attacks increased by a significant amount from January 2020 till date. What’s even more alarming is that according to an Intel study, up to 97 percent of people cannot identify the simplest phishing attack. To avoid becoming a victim, it is very pertinent to know most of the technique scammers could use in an attempt to try to attack you. Here are some of the major types of phishing attacks you might encounter.

1. EMAIL PHISHING

This is the typical phishing email that is designed to mimic a legitimate company like first bank, zenith bank, CBN etc. It’s the least sophisticated type of attack that make use of the "spray and pray" method.They won’t target a specific person and often they will just send out generic emails to millions of users hoping that some ignorance victims will click their malicious link, download the file  attachment, or follow the instructions in the email.
Please note that no legitimate company will ever tell you to click a link sent through mail. They will always refer you to their official website for further information.
If by any way you see such request to click a link. Verify that the Link is same as the company’s legitimate link. Also verify the sender of the mail or better still contact the company’s customer service representative.

2. SPEAR PHISHING

In this type of scamming technique, scammers tend to perform extensive research about their victim's sensitive information, their background, Life, or the people they routinely interact with etc. This is so they can craft a more personal and real message.

This is why it is very important to keep your personal life away from social media like facebook etc. Or share your personal life with people that you don’t really know. This can pose a major security threat to you. and most  facebook accounts have been hacked just by the use of this technique.

And because the message looks so real and personal; users don’t often suspect that they are about to get hacked. Always check the email address and format of the letter against what you’d normally receive from that contact or company. It’s also best to call the sender and verify everything before downloading a file attachment or clicking links even if it seems like it's from someone you know.


3. WHALING

This is another sophisticated and advanced type of phishing attack, only this one targets one specific group of people, high-profile business executives like managers or CEOs. They would sometimes address the target directly in the salutation and the message could be in the form of a subpoena, a legal complaint, or something that requires urgent action to avoid bankruptcy, getting fired, or legal fees. Attackers would spend a lot of time doing extensive research about the person and crafting a specialized message to target key people in an organization who would normally have access to funds or sensitive information.

The target will be sent links to a convincing login page where access codes or login information will be harvested by hackers. Some cybercriminals would also ask victims to download an attachment to supposedly view the rest of the subpoena or letter. These attachments come with malware that can gain access to the computer or mobile phone.

4. VISHING (VISHING OR VOICE PHISHING TARGET)

Vishing or voice phishing is a type of phishing but instead of sending an email, attackers will try to get login information or banking details over the phone (so many people are still victims of this very common technique).

Attackers will impersonate staff from an organization or support personnel from a service company then play on emotions to ask victims to hand over bank or credit card details. The message could sometimes be about an overdue amount like taxes, contest winnings, or be from a fake tech support personnel requesting remote access to a computer. They might also use a pre-recorded message and phone number spoofing, making an overseas call seem as if it is local. This is done to lend credibility to the attack and make victims believe that the call is legitimate.

Please never give out sensitive information like login details, social security numbers, or bank and credit card details over the phone. Hang up and call your bank or service provider immediately instead.


5. SMISHING

Smishing is any form of phishing that involves the use of text/SMS messages, WhatsApp messages or any form of messaging software. Scammers will try to lure you into clicking a link sent with these messaging applications that will lead you to a fake site. You will be told to type in sensitive information like your credit card details, phone number, Full Name, BVN etc. Hackers will then harvest this information from the redirected malicious site.

They would sometimes tell you that you've won a prize, you have been chosen to get federal relieve trust fund, palliative etc. They can also say that if you don't type in your information you will miss out on a promo and continue to be charged for a particular service. As a general rule, you should avoid replying to texts from numbers you don't recognize. Or clicking links that were shortened e.g: https://bitlyryhhfk. 90% of Legitimate Company will never shortened their URL link.

Also, avoid clicking links you get from text messages especially if you do not know the source. Or if the link is shortened.

Hackers Shorten URL links so that you will have no clue about the actual Link the URL will finally point to. 

Example, Scammers may design a website that will look exactly as https://nibss.plc.com.ng and give it a domain name like https://nibsss.plc.com.ng which would be shortened to https://bitlyhDJFxcgr to fool their victims. When the site opens, the URL link will be translated to https://nibsss.plc.com.ng (take note of the tripple s instead of double s) and the user will think that he has been redirected to a legitimate link. and any Sensitive information like BVN the user enters will immediately get harvested by the scammers. It is also worthwhile to mention that currently, fraudsters can comfortably and effortlessly use their victims BVN to withdraw money from their bank account. So guard your personal information judiciously.   


6. ANGLER PHISHING

This is a relatively new phishing tactic that uses social media to lure people into sharing sensitive information. Scammers monitor people who post about banking and other services on social media. They then pretend to be a customer service representative from that company. For instance, if you post a rant about a delayed deposit or some bad bank service and the post includes the name of your bank. A cybercriminal will use this information to pretend that they are from the bank and then reach out to you to try to social Engineer you. You will then be asked to click on a link so you can talk to a customer service representative and then they will ask you for information to ‘verify your identity.

When you receive a message like this, it’s always best to contact a customer service representative through safe channels like the official Twitter, facebook or Instagram pages. Or preferably visiting the company. 

6. SEARCH ENGINE PHISHING

This is one of the newest types of attacks that uses legitimate search engines like google. Scammers will create a bogus and good looking website offering deals, free items and discounts on products (Like selling apple phones for $5), and even fake job offers. They will then use search engine like google to have their sites indexed by legitimate sites like Apple.com. So when you search for something, the search engine will show you results that include these fake sites. You will then be duped into logging in or providing sensitive information that is then harvested by cybercriminals.

You need to also understand that attackers sometimes use their victims fear and panic to get them to do what they want. So when you are faced with a threat; it is important to calm down so you can think.




The need for a top business owner or organization to have a professional, scalable, Fast, Optimized,Efficient, Very Secured web application (website) can never be over emphasized.
However, With this great tool (Web Application) Business Owners will definitely and Undoubtedly solidify their online presence, improve their Search Engine ranking, eliminate the likelihood of Missing out on search engine queries / results by prospective clients whom may search for a business like theirs on search engines like Bing and google, stay toe to toe with Compititors who already have a web application etc.
Read Now Top 15 Reasosns why you need a website for your Business
You don’t need to do all of these alone, We got you covered!! Contact us now your satisfaction is always our priority. price definitely won't be a problem.

Thanks for reading



50 C# (C Sharp) For Loop programming questions and Solutions for Developers and college freshers

Comparison between WhatsApp vs Telegram vs Signal and the difference between them