Popular Phishing Methods (provided by Solarwinds)
1. Phishing emails that deliver other threats
Phishing emails are so successful they are commonly used for hackers to deliver dangerous payload (malware) under the guise of a link or a familiar attachment. This can be in an email, a text or even a social media chat message. It is also common for Tech Support Scammers to use phishing methods to promote their fake business, again with the success behind this form of attacks, tech support scammers are able to get believable forms right to your eyes and use emotion and scare tactics to get you to click where they want.
2. Payment/Delivery scam
This is probably the most common phishing attack, especially amongst individuals and smaller businesses. With this method, attackers send a fake invoice from a reputable supplier or vendor, such as Amazon or Shutterfly. The attacker will copy real emails sent from Amazon and Shutterfly, etc., tweak the links and add malicious attachments and resend them out to a massive amount of people.Attackers can replicate more than just emails. Every website has code that can be easily accessed and edited. You can see for yourself by pressing F12 on a website and it will show you that pages HTML code that was used to make the website. Hackers will copy this code, word for word, and send links to it in their emails. You will be taken to a page that looks exactly like Facebook or Amazon but it is owned by a cyber criminal; This attack is called Pharming or Website Spoofing.
3. Spear phishingSpear phishing is a targeted phishing attack that involves highly customized lure content. Attackers start with reconnaissance; They get a notepad and browse social media and other information sources about their intended target; Name, sex, birthday, family members, address, phone number, email, favorite products, etc. With this personal information, hackers can tweak emails, messages or other phishing content to pair better with you.
Spear phishing may involve tricking you into logging into fake sites and divulging credentials. I may also lure you into opening documents by clicking on links that automatically install malware. With this malware in place, attackers can remotely manipulate the infected computer.
The implanted malware serves as the point of entry (a backdoor) for a more sophisticated attack, known as an advanced persistent threat (APT). APTs are designed to establish control and steal data over extended periods. Attackers may try to deploy more stealthy hacking tools, move to other computers on the network and regularly extract data from compromised networks.