Get to know more about iCard in our blog

Learn How These 9 Phishing Attacks Work

Pavel Panayotov 22 April, 2020

Identity theft for the sake of stealing someone’s money (or not) is a very real crime. Bringing fraudsters to justice is an intense exercise that requires the international collaboration of investigators and bank officials. 

Having a sophisticated AI that tracks suspicious account activities to protect your money is only the second step. Avoiding phishing and scams is a matter of proactive attitude towards the risks, which naturally includes education as the first step. 

At iCard, we believe that working together with you is the best recipe for cracking down on malicious actors who aim to ruin our excellent reputation and steal your money.

We compiled this informative guide to show you how to best stay protected – what to do and what to avoid. 


What is phishing exactly?



The main goal of phishing (fishing) is to trick people into revealing information that can be used for monetary gains (and damage). It is a malicious attempt to hook you into revealing personal information that can be used by hackers to steal your identity or money. In most forms described below, it is an attempted computer scam that aims at collecting personal information such as a 16-digit debit card number, expiry date, date of birth, national insurance number, a password for online banking and so on.


Tactics behind phishing attacks



Scammers cast their nets or shoot their spears at small fish, big fish and even whales. Whatever the catch, they are happy to rip it off. 

Targeted phishing attacks

The first step usually involves gaining your trust via an unsolicited message. To do that, scammers may pose as someone you know – your financial institution, phone company, tech support, your boss, etc. Watch out for unexpected messages that request private information in order to solve a technical problem for you. 

Mass scale phishing scams

Going mass scale requires the same amount of precision, but instead of a specific person it targets people with similar interests. These tactics usually include a clone of a real and trusted page, such as Gmail, PayPal, Amazon or a banking website. Getting the malicious links to people can work via many channels, including hijacking search results.


The 9 types of phishing

Phishing attacks differ, based on method, target and channel. Let’s explore all:


Email phishing


This is the most common type of phishing because it’s simple and cheap to execute on a mass scale. It attempts, as usual, to gain your trust and get you to reveal financial or personal information that will be sufficient for purchasing things with your debit/credit card, taking out loans in your name or transferring money out of your bank account. How? The email message may come from a spoofed email address that makes it appear as if it is coming from a recognized person. This email may carry any sort of urgency, like a suspicious transaction with a link to a replica website, where you enter and reveal your username and password.
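The warning signs described above can also be checked in the message headers. The following is an added example, not part of the original article: it scans a constructed sample email for a Reply-To domain that differs from the From domain, failed sender-authentication results, and urgent wording in the subject. All names and domains in it are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "MyBusiness Support" <support@mybusiness.com>
Reply-To: helpdesk@mail.example.net
Authentication-Results: mx.example.org; spf=pass; dkim=none; dmarc=fail
Subject: Urgent: suspicious transaction on your account

Please confirm your login at the link below.
"""

URGENCY = re.compile(r"\b(urgent|immediately|suspended|verify)\b", re.I)

def domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoofing_signals(raw):
    """Return a list of reasons to distrust the message (empty list = none found)."""
    msg = message_from_string(raw)
    signals = []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    # Replies silently routed to another domain are a classic spoofing tell.
    if reply_dom and reply_dom != from_dom:
        signals.append("reply-to domain differs from From domain")
    # Only trust Authentication-Results added by your own receiving mail server.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{mech}=(\w+)", results)
        verdict = found.group(1) if found else "missing"
        if verdict != "pass":
            signals.append(f"{mech}={verdict}")
    if URGENCY.search(msg["Subject"] or ""):
        signals.append("urgent wording in subject")
    return signals

if __name__ == "__main__":
    for reason in spoofing_signals(SAMPLE):
        print("warning:", reason)
```

None of these signals is proof on its own; together they tell you to verify the message through a channel you already trust.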


Vishing (VoIP + Phishing)


Going beyond email, con-artists may target people by phone. Spoofing a phone number is super easy, so you need to be very careful. The fraudster can call and present him or herself as someone you trust – your bank, your internet provider, your phone company, etc. The effort usually aims at having you reveal personal information such as an account number or a password, or even at asking you about your last few transactions on a given debit card – any information that can be used maliciously to access your finances.


Smishing = SMS + Phishing


Similar to vishing, smishing is an attack launched via the potential victim’s phone number. It aims to extract valuable information not by social engineering in a conversation but, like any other method that uses fake links, through a link you are asked to open. A fraudulent text message definitely comes with an element of urgency and a request to take action. Taking action would require that you click a link, which will, of course, try to infect your phone with malware. In any case – do not follow the link prior to inspecting it. If you are unsure what to do, call the sender and let them know what is happening.


Spear phishing


This, as the name implies, is precision phishing. A prerequisite is that the hacker has already collected a lot of specific information about the victim, e.g. position in a company, full name, even the names of current business partners. The aims vary, like infecting the victim’s computer with malware and gaining access to a corporate network. The scammer sends a very customized email, carefully embedding the information that is already known, tricking the unsuspecting person into believing that the email is coming from a trustworthy source. Watch out for fake URLs and email attachments that can contain a virus. This precision attack targets both companies and individuals to steal big amounts of money or leak sensitive information.


Domain spoofing


This is a common variety of phishing where the hacker sends people to a fake domain name with a very similar sequence of characters, e.g. mybusiness.com and mybusinesss.com. Notice the difference?  This tactic is used to impersonate the company and trick employees or customers into providing sensitive information.
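The one-letter difference above is easy to miss by eye but easy to catch in code. The following is an added example, not part of the original article: it compares a link's hostname against a short list of domains you trust and flags near-misses. The `TRUSTED` list, the verdict names and the distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you really do business with (hypothetical allowlist).
TRUSTED = {"mybusiness.com"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent letters swapped
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, max_distance=2):
    """Return 'trusted', 'lookalike', 'embedded', 'idn', 'unknown' or 'invalid'."""
    try:
        host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    except ValueError:
        return "invalid"
    host = host.rstrip(".")
    if not host:
        return "invalid"
    labels = host.split(".")
    # Non-ASCII or punycode labels can hide letters that only look Latin.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "idn"
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        # Trusted name placed in front of someone else's domain.
        if good + "." in host:
            return "embedded"
        # Compare the same number of trailing labels as the trusted name has.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if edit_distance(tail, good) <= max_distance:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://mybusiness.com/login", "https://mybusinesss.com/login"):
        print(link, "->", classify(link))
```

A verdict of "unknown" only means the hostname does not resemble anything on the list; it says nothing about whether the site is safe.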


Clone phishing


The name of this tactic reveals it all – it is an attempt at phishing private information by perfectly replicating an email. This is an upgrade to standard email spoofing, which historically included a lot of typos, bad grammar and other signals for fraud. Clone phishing can target employees and customers of a business. The perfect resemblance of the cloned email makes the attack very effective.


Whale phishing


Whaling, or CEO fraud, as you may have guessed already, is an attack that targets high-profile individuals like directors, vice presidents, CFOs, COOs or any other senior executive. It’s very similar to spear phishing, except the target is a big whale, not small fish. In this case, big does not mean easy to catch. Scammers spend many months researching these VIP personas – their contacts, schedules and sources – anything that can be used to target them with precise information. Aiming at big targets means that a successful attack can be a huge loss for the company.


Search engine phishing


This is a new and very sophisticated phishing method that aims to gain your trust by taking over Google search results. It may be a company that offers fantastic deals that require your payment information. It may be a job search website that requires you to enter all your personal information, including your national insurance number. Another way for fraudsters to take advantage is to invest a very long time in optimizing a fake bank website, then offer you amazing account or card deals that, of course, take all your private information without providing the service.

Search engines, to a great extent, are able to catch these and prevent them, but you should always be aware of the possibility because even ads on Google can be malicious and, for example, send you to a cloned version of your bank login page.


Watering hole phishing


This sort of phishing attack involves observing the behaviour patterns of the target and more precisely – the websites they visit. The next step involves targeting one of the websites that the potential victim regularly visits. It needs to be a less-secure website that can be infected with malware. The attacker then waits for a re-visit to the now malicious webpage to start the attack on the victim’s computer or phone and extract the needed personal information.


Phishing leads to DATA BREACHES

Here are some phishing and fraudulent email statistics for 2019 (source: Retruster):

  • Phishing accounts for 90% of data breaches
  • The average financial loss of a data breach is $3.86 million (IBM)
  • 15% of people who have undergone phishing will be targeted at least once more within the year
  • Business email compromise (BEC) scams resulted in losses of over $12 billion (FBI)
  • Phishing attempts have grown 65% in the past year
  • Around 1.5 million new phishing sites are created every month (Webroot)
  • 76% of companies said they have been subjected to a phishing attack in the past year
  • 30% of phishing messages are opened by targeted users (Verizon)

Knowing this should definitely switch your defence on.


How to stay protected from phishing?



Due to the technical nature of phishing attacks, hackers are thought to be some sort of geniuses who are just better prepared to scam us than we are to stay protected. It’s just wrong. Here is what you can do to avoid becoming a victim:

  • Double and triple check URLs before clicking any suspicious or unknown links
  • Do not open suspicious short links and emails
  • Change your passwords often
  • Educate yourself by reading articles like this or train your employees if you are a business owner or a manager
  • Check for secured websites – the padlock that is visible on HTTPS sites. Keep in mind that this is not always a perfect indicator of a website’s legitimacy. 
  • Keep your antivirus software and your Windows, Android or any other system up-to-date.
  • Never install software from unknown sources
  • Use 2-factor authentication whenever possible
  • Trust your gut
  • Report phishing attacks and scams to the relevant participants – affected businesses and authorities


How to protect your money?

As you know, protecting your money is our top priority here at iCard. For this reason, we’ve prepared another read that you should definitely go over, so you can be aware of the SIM swap scam. It’s one of the possible next steps for hackers, should you unconsciously become a victim of a phishing attack. 

There are many other ways you can get scammed online. Be proactive and well-informed, in order to avoid financial loss and time wasted resolving issues. 

One last piece of advice: Freeze your iCard debit cards with a tap after each use!



Pavel Panayotov

As a Communication Manager, Pavel is engaged with creating user journeys and presenting iCard to the world. Contributions include education, activation and engagement strategies, as well as unified cross-channel product and brand awareness campaigns. In his free time, Pavel enjoys keeping up with innovations, marketing trends, friends, family and nature.

Copyright © iCard AD 2023 | All Rights Reserved | Privacy Policy