Phishing

No, not that kind of fishing...



Hello puff, do you want to learn about phishing?



Yeah!



Ah, ok...



Phishing is one form of social engineering.



Good. When talking about phishing, most people think of email phishing.



Do you mean there are several types of phishing?



Yes, within the social engineering type phishing there are sub-types such as:

  • Email Phishing
  • Spear phishing
  • Whaling
  • Smishing
  • Vishing
  • Quishing



Ahh, social engineering I have heard about before.



As I said, the best-known type of phishing is email phishing. Phishing in general is when someone pretends to be someone they are not, such as your bank, the post office, or even a colleague or friend, and email phishing is when it is done through email.



Do you have any example?



Ah, ok, I think I've got it.



Imagine you receive an email that looks like it’s from your bank, complete with logos and official language. The email might say there’s a problem with your account and ask you to click on a link to fix it.



And, let me guess, I should not click it?



Exactly. If you click the link, it would take you to a website that looks just like your bank’s website. But it’s not. It’s a fake website set up by the person who sent the email. If you enter your account details on this fake website, the person who set it up now has your bank information, and can access your real bank account.



Ok, so if I have understood it correctly, Email phishing is a trick done through email and is a social engineering type used by criminals to get my personal information by pretending to be someone they’re not.



Yes, and it’s important to be careful and double-check any emails asking for personal information. If you’re not sure, contact the company directly using a phone number or website you know is real.



You said there were other types also.



Ok, ok… But you mentioned other types, smish…something…



There is also something called spear phishing and whaling. The first type works the same way as email phishing BUT with one difference: it is designed and adapted for the recipient and is not as general as regular email phishing. Whaling is an even more targeted way of phishing. It is aimed at senior executives within organizations.



You mean smishing, vishing and quishing?



Yeah…



All these types work in ways similar to email phishing, but smishing is done through SMS or other chats (Messenger, WhatsApp, etc.).


Vishing is done by phone (talking not writing). Vishing is an attempt to obtain sensitive information by posing as someone else through talking and manipulating in a more direct way.


Quishing is phishing through QR-codes. The bad guy uses QR codes, either manipulated ones or their own where they rely on human curiosity. The QR code takes you to a malicious website or prompt where you are encouraged to give information or download harmful content.



Ahhh… I think I understand.


Email Phishing is the best-known type, where the attacker impersonates a trusted entity (like a bank or a colleague) via email.


Spear Phishing is email phishing but the email is specifically tailored for the recipient.


Whaling is the same as spear phishing but aimed at senior executives.


Smishing is phishing conducted through SMS or other chat platforms.


Vishing is phishing through phone calls and Quishing is phishing through manipulated or attacker-generated QR codes.

Yes, exactly. And remember, there are other types of phishing out there and several types of social engineering, so keep your eyes open and be careful.