Why KnowBe4?

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity, typically in bulk email crafted to evade spam filters.
Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.
Spear Phishing
Think of spear phishing as professional phishing. Classic phishing campaigns send mass emails to as many people as possible, but spear phishing is much more targeted. The hacker has a specific individual or organization they want to compromise and is after more valuable information than credit card data. They research the target in order to make the attack more personalized and increase their chances of success.
Session Hijacking
In session hijacking, the phisher exploits the web session control mechanism to steal information from the user. In a simple session hijacking procedure known as session sniffing, the phisher uses a sniffer to intercept relevant information, such as the session token, so that he or she can access the web server illegally as the victim.
Email/Spam
In the most common phishing technique, the same email is sent to millions of users with a request to fill in personal details. These details are then used by the phishers for their illegal activities. Most of the messages carry an urgent note that requires the user to enter credentials to update account information, change details, or verify accounts. Sometimes the user is asked to fill out a form to access a new service through a link provided in the email.
Web Based Delivery
Web-based delivery is one of the most sophisticated phishing techniques. Also known as a “man-in-the-middle” attack, it places the hacker between the legitimate website and the user. The phisher traces details during a transaction between the legitimate website and the user; as the user continues to pass information, it is gathered by the phishers without the user knowing about it.
Phishing through Search Engines
Some phishing scams involve search engines: the user is directed to product sites which may offer low-cost products or services. When the user tries to buy the product by entering credit card details, they are collected by the phishing site. There are many fake bank websites offering credit cards or loans at a low rate that are actually phishing sites.
Link Manipulation
Link manipulation is the technique in which the phisher sends a link to a fake website. When the user clicks on the deceptive link, it opens the phisher’s website instead of the website named in the link text. Hovering the mouse over the link to view its actual destination before clicking keeps users from falling for link manipulation.
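As an added example (not KnowBe4's code or the original page's), the hover check described above automated for a whole HTML message: the parser pairs each link's visible text with its real destination host and flags the mismatches a user would see by hovering. The sample message, domains and link targets are constructed.

```python
# Added example (not KnowBe4's code): flag anchors in an HTML email whose visible
# text shows one domain while the href opens another, the mismatch a user sees
# when hovering over the link. The sample email body below is constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A domain-looking token in the anchor's visible text, with or without a scheme
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#\s]|$)", re.I)
class AnchorCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in the message
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_deceptive_links(html):
    # Returns [(real target host, [reasons])] for every anchor that looks deceptive
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        target = (parts.hostname or "").lower()  # the host the browser really opens
        reasons = []
        if "@" in parts.netloc:  # "https://bank.example@evil.test/" opens evil.test
            reasons.append("userinfo before the host hides the real domain")
        shown = DOMAIN_RE.search(text)
        if shown and shown.group(1).lower() != target:
            reasons.append(f"text shows {shown.group(1)} but the link opens {target}")
        if reasons:
            findings.append((target, reasons))
    return findings

# Constructed sample: one honest link, two manipulated links, one plain-text lure
SAMPLE_EMAIL = """<p>Dear customer,</p>
<a href="https://www.bank.example/login">https://www.bank.example/login</a>
<a href="https://login.bank-example.test/">https://www.bank.example/login</a>
<a href="https://www.bank.example@evil.test/">www.bank.example</a>
<a href="https://evil.test/update">Update your account</a>"""
```

The last sample link is not flagged because its text is plain words rather than a domain; a check like this only catches links that claim a destination, so hovering remains the user's check for the rest.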
Content Injection
Content injection is the technique where the phisher changes part of the content on a page of a trusted website. This is done to mislead the user into going to a page outside the legitimate website, where the user is then asked to enter personal information.
Social Engineering
Users can be manipulated into clicking questionable content for many different technical and social reasons. For example, a malicious attachment might at first glance look like an invoice related to your job. Hackers count on victims opening it without thinking twice, thereby infecting the network.
Vishing (Voice Phishing)
In voice phishing, the phisher phones the user and asks them to dial a number. The purpose is to obtain bank account details over the phone. Vishing is mostly done with a fake caller ID.
Keyloggers
Keyloggers are malware that records keystrokes. The captured input is sent to the hackers, who extract passwords and other information from it. To prevent keyloggers from capturing personal information, some secure websites let users make entries with mouse clicks on a virtual keyboard.
Smishing (SMS Phishing)
Smishing is phishing conducted via Short Message Service (SMS), the telephone-based text messaging service. A smishing text, for example, tries to entice a victim into revealing personal information via a link that leads to a phishing website.
Trojan
A Trojan horse is a type of malware that misleads the user with an action that looks legitimate but actually gives the attacker unauthorized access to the user’s account and collects credentials from the local machine. The acquired information is then transmitted to cybercriminals.
Malware
Phishing scams involving malware require it to be run on the user’s computer. The malware is usually attached to the email the phishers send to the user; once the user clicks the link or opens the attachment, the malware starts running. Sometimes the malware is also attached to downloadable files.
Malvertising
Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto your computer. Exploits in Adobe PDF and Flash are the most common methods used in malvertisements.
Ransomware
Ransomware denies access to a device or files until a ransom has been paid. Ransomware for PCs is malware that gets installed on a user’s workstation through a social engineering attack in which the user is tricked into clicking a link, opening an attachment, or clicking on malvertising.
Website Forgery
Forged websites are built by hackers to look exactly like legitimate websites. The goal of website forgery is to get users to enter information that can be used to defraud the victim or launch further attacks against them.
Domain Spoofing
Domain spoofing forges the sender’s address so that an email appears to come from a trusted domain. One example is CEO fraud and similar attacks: the victim gets an email that looks like it’s coming from the boss or a colleague, with the attacker asking for things like W-2 information or funds transfers. We have a free domain spoof test to see if your organization is vulnerable to this technique.
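An added example (not KnowBe4's code and not the page's spoof test) of a mailbox-side check for the CEO-fraud pattern above: it flags a From: header whose display name matches a known executive while the address is off-domain, and sender domains that merely look like the company domain. The company domain, the executive directory and the sample headers are all constructed.

```python
# Added example (not KnowBe4's code): a mailbox-side check for the CEO-fraud
# pattern. It flags a From: header whose display name matches a known executive
# while the address is off-domain, and sender domains that merely look like the
# company domain. Company domain, executive directory and headers are constructed.
from email.utils import parseaddr

COMPANY_DOMAIN = "acme.example"                       # constructed
EXECUTIVES = {"jane doe": "jane.doe@acme.example"}    # constructed directory

def normalize(domain):
    # Fold common lookalike substitutions (rn->m, vv->w, 0->o, 1->l) before comparing
    return (domain.lower().replace("rn", "m").replace("vv", "w")
            .replace("0", "o").replace("1", "l"))

def edit_distance(a, b):
    # Levenshtein distance, used to catch one- or two-character domain typos
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_from_header(from_value):
    # Returns the reasons this From: header looks like impersonation ([] if none)
    name, addr = parseaddr(from_value)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    brand = COMPANY_DOMAIN.split(".")[0]
    reasons = []
    if domain != COMPANY_DOMAIN:
        if edit_distance(normalize(domain), COMPANY_DOMAIN) <= 2 or brand in normalize(domain):
            reasons.append(f"lookalike domain {domain}")
        expected = EXECUTIVES.get(name.strip().lower())
        if expected and expected != addr.lower():
            reasons.append(f"display name matches {expected} but address is {addr}")
    return reasons

SAMPLE_HEADERS = [  # constructed
    "Jane Doe <jane.doe@acme.example>",          # genuine
    "Jane Doe <jane.doe@gmail.example>",         # display-name impersonation
    "Jane Doe <jane.doe@acrne.example>",         # rn->m lookalike plus display name
    "Accounts Payable <ap@acme-example.test>",   # brand inside a lookalike domain
]

for header in SAMPLE_HEADERS:
    print(header, "->", check_from_header(header) or "ok")
```

A message whose From: address forges the company's own domain exactly passes this check, since only the header text is inspected; that case is what email authentication (SPF, DKIM and DMARC) and a domain spoof test are for.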
Evil Twin Wi-Fi
Hackers use devices like a “pineapple”, a tool containing two radios, to set up their own Wi-Fi network. They give it a popular name like AT&T Wi-Fi, which is common in a lot of public places. If you’re not paying attention and join the network controlled by the hackers, they can intercept any information you enter during your session, such as banking data.
What Industries Are Most At Risk Of Phishing Attacks?
Every company struggles to answer an essential question—“How do I compare with other organizations who look like me?” To provide a nuanced and accurate answer, the 2021 Phishing By Industry Benchmarking Study analyzed a data set of over 9.5 million users across 30,173 organizations with over 23.4 million simulated phishing security tests across 19 different industries. All organizations were categorized by industry type and size. To calculate each organization’s Phish-prone Percentage, we measured the number of employees that clicked a simulated phishing email link or opened an infected attachment during a testing campaign using the KnowBe4 platform. The top industries at risk in this year’s study in the small, medium and large business categories are Education, Hospitality and Insurance:

Three-Quarters of Organizations Have Experienced an Increase in Email-Based Threats
New data on the state of email security shows that nearly every organization has been the target of a phishing attack as attacks increase in sophistication.
79% of Employee-Reported Phishing Emails Go Completely Undetected by Cybersecurity Solutions
As cybercriminals increasingly turn to malwareless phishing attacks, the ability for security solutions to correctly identify a malicious email is becoming more and more difficult.
Newest FBI Report Shows $10B in Losses Last Year Due to Internet Scams
The 2022 Internet Crime Report by the FBI reported at least $10.3 billion in losses due to internet scams last year.