Employees of United States corporations are frequently becoming victims of phishing attacks. One of the reasons for that are hackers which impersonate various corporate website trying to get victims money.
It is important to know what phishing techniques hackers can use against you in order to be prepared for the attacks. Below we describe several most common techniques used by hackers.
Email and Spam
This is the most common type of phishing attack. Hackers send malicious e-mails to all e-mail addresses they can get their hands on. These e-mails usually contain requests to urgently do something, like confirming an account, changing address, verifying identity. In order to do this, hackers will then direct a user to a website which will ask them to fill in the form with personal details. These details will later be used for illegal activities.
Spear phishing is a type of phishing when hackers target their attack to a specific number of people or a certain person. It is different from the typical phishing attack where hackers send the malicious e-mail to thousands of e-mail addresses in a hope that someone will get caught. In the case of spear phishing hackers will try to extract important information about the user from the open sources on the internet, leaked databases, phone books. For example, lots of e-mail addresses of corporate employees could be extracted from the internet forums, blogs, and other open sources. Recently LinkedIn also became a popular source of such information for hackers. After hackers get all information they can get about a person they launch a customized attack making sure to use all information they got to deceive their victim.
In the case of content injection hackers attack a credible website and change information on it in a way to redirect users to the malicious page where information could be gathered by hackers. For example, hacked shopping site could send to a malicious payment page where the user will be asked to enter their credit card information. This credit card information won’t be used for the payment but instead, hackers will later use it for illegal activities.