We’ve touched on phishing in some of the other sections, but with this field comprising such a large portion of online scams, it’s good to know about the different types to look out for. In fact, the common element in almost all types of internet scams is the initial “phish.” This is the act of tricking you into providing some kind of information that is later used to scam you.
The odds of pulling off a successful scam are low, so the pool of potential victims has to be very large. The easiest way to contact a large number of people with almost no effort is through email. In some cases, phishing emails attempt to direct you to a clone of a trusted website where you’re likely to enter login credentials, or try to make you download malware.
In a dedicated phishing post, we look at the how to avoid or repair the damage done by common phishing scams, some of which are explained below.
Spear phishing is very targeted and the perpetrator typically knows some of your details before they strike. This could be information gleaned from social media, such as recent purchases and personal info, including where you live. A phishing email or message might be crafted based on those details, asking for more information including payment details or passwords.
This is geared toward businesses and targets high-level executives within corporations who have access to the email accounts of someone in authority. Once they have access to that email account, they can use it for other means such as accessing employee information or ordering fraudulent wire transfers (see also: CEO fraud).
This is an even more targeted version of whaling where the main goal is to obtain employees’ W-2s or contractors’ W-9s. Recents cases have involved schools, hospitals, and tribal groups, as well as businesses. The email might be from an actual or spoofed executive account or might appear to be from the IRS or an accounting firm. Once provided, the documents give criminals everything they need for identity theft.
Phishing to deliver ransomware
As if the phishing itself isn’t bad enough, many emails come bundled with ransomware. This way criminals can get an increased payload for their efforts.