October 17, 2016 (updated 18 Oct 2016 2:28pm)

4 common phishing attacks and how to recognise them

There are apparently millions of phishing attacks each day - but what do they look like?

By Alexander Sword

Phishing is a type of cyber attack that lures users into giving up personal information to the attacker. There are many ways to do this. CBR has looked at some common types of phishing attack and how they work.

1. Carrot or stick

The most basic form of a phishing attack is generic and aims wide rather than deep.

The communication will simply ask for information under a pretext or invite the recipient to click a link. It could be masquerading as a legitimate company, such as a bank, and saying that it requires your login details.

Often the attack will exploit the recipient’s fear in order to provoke a reaction. It could, for example, purport to come from law enforcement officials and claim that the recipient had committed a crime, asking for personal details to verify their identity.

It could also claim that the recipient was the victim of a cyber attack or is the winner of a contest.

A recent phishing scam in the UK sent emails purportedly from the Land Registry. The Government said that the fake emails could be identified by the domain name of the sender.


It is unlikely that a legitimate company will ever ask for potentially sensitive financial information via email. If you do think the email is legitimate, try to contact the company via phone instead.

2. Cry for help

More advanced than the scatter-gun approach, this type of attack may be fine-tuned to work in some knowledge of the person it is targeting.

Using information available on social networks, the attack could pretend to be from a friend or family member.

The email might say that the claimed sender is stranded somewhere and requires a transfer of funds to get home.

To carry out this kind of attack, the attacker might have a mechanism for taking over the email accounts of those who are affected. The compromised account will then send the phishing emails to all of that person’s email contacts, lending authenticity to the scam.

These emails can be embarrassing for the sender as well, especially if work or business contacts are on their email contact list and get sent this kind of request.

Again, to verify if the communication is authentic, it is always best to get in touch via another means of contact such as phone.

3. The command from above

So much of work communication is conducted over email nowadays that it would hardly be out of the ordinary to receive a request for important data from your boss.

Hackers know this as well, and many phishing scams masquerade as an email from a senior official in the organisation and request sensitive company data.

This type of phishing was used against Snapchat on 26 February, when a scammer impersonated Snapchat CEO Evan Spiegel in a request for employee information.

One employee fell for the scam, providing the payroll information of around 700 current and former employees.

There are numerous advantages to this approach for the hacker. For one thing, employees are likely to be keen to respond quickly and thoroughly to a communication from their boss; they may be less willing to ask questions or request clarifications that could expose the email as a fake.

The disadvantages are that it requires far more planning and data to construct such an attack than a less targeted scam. The attacker will need specific information about the employees they are addressing and the data they are after.

4. Payment problems

If you shop online it is likely that you use services such as Amazon, eBay or PayPal to do so.

A common phishing attack claims that you have had problems paying for an item that you have purchased through one of these services.

It could say that the item cannot be shipped to you due to these payment issues.

The email text may include a link that directs you to a website that looks like the legitimate site, but is actually a close mock-up. The URL may even look similar, with the characters in a slightly different order.
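The look-alike URL check described above can be automated on the defender's side. The following is an added example, not part of the original article: it compares a link's domain against an assumed allow-list of the services named here and flags near-matches, counting a swap of two adjacent characters as a single edit. The allow-list, the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list: the services the article names, with their usual domains.
KNOWN_DOMAINS = {"amazon.com", "ebay.com", "paypal.com"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance where swapping two adjacent characters costs 1
    (optimal string alignment), so 'paypla' is one edit from 'paypal'."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            cur[j] = min(prev[j] + 1,          # deletion
                         cur[j - 1] + 1,       # insertion
                         prev[j - 1] + cost)   # substitution or match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[len(b)]


def registered_domain(host: str) -> str:
    # Simplification: keep the last two labels. Production code should
    # consult the Public Suffix List (e.g. for names under co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_link(url: str, max_distance: int = 1):
    """Return ('known', domain), ('lookalike', imitated_domain) or ('unknown', None)."""
    domain = registered_domain(urlsplit(url).hostname or "")
    if domain in KNOWN_DOMAINS:
        return ("known", domain)
    for good in sorted(KNOWN_DOMAINS):
        if osa_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in ("https://www.paypal.com/signin",
                 "http://www.paypla.com/login",
                 "http://paypal.com.example.net/"):
        print(link, "->", classify_link(link))
```

The third sample shows why the comparison uses the registered domain rather than the whole hostname: a familiar name placed in a subdomain does not make the link belong to that service.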
