How to help you protect yourself from scammer
Your personal information is a gold mine for fraudsters.
What does phishing mean?
A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
The 5 Most Common Types of Phishing Attack
1. Email phishing
Most phishing attacks are sent by email. The crook will register a fake domain that mimics a genuine organization and sends thousands of generic requests.
The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’.
2. Spear phishing
The first, spear phishing, describes malicious emails sent to a specific person. Criminals who do this will already have some or all of the following information about the victim:
- Their name.
- Place of employment.
- Job title.
- Email address; and
- Specific information about their job role.
You can see in the example below how much more convincing spear phishing emails are compared to standard scams.
*Both phishing email are sent by our CEO’s name
3. Whaling
Whaling attacks are even more targeted, taking aim at senior executives. Although the end goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler.
Whaling emails also commonly use the pretext of a busy CEO who wants an employee to do them a favour.
4. Smishing and Vishing
With both smishing and vishing, telephones replace emails as the method of communication.
5. Angler phishing
A relatively new attack vector, social media offers several ways for criminals to trick people. Fake URLs; cloned websites, posts, and tweets; and instant messaging (which is essentially the same as smishing) can all be used to persuade people to divulge sensitive information or download malware.
Report phishing emails
When we identify that an email may be phishing or suspicious, we might show a warning or move the email to Spam. If an email wasn’t marked correctly, follow the steps below to mark or unmark it as phishing.
Important: When you manually move an email into your Spam folder, Google receives a copy of the email and any attachments. Google may analyze these emails and attachments to help protect our users from spam and abuse.
Report an email as phishing
- On a computer, go to Gmail.
- Open the message.
- Next to Reply , click More .
- Click Report phishing.
Report an email incorrectly marked as phishing
- On a computer, go to Gmail.
- Open the message.
- Next to Reply , click More .
- Click Report not phishing.
Please kindly forward the email to the IT department for further action, including blocking the sender’s email. Thank you.
This article has been created for internal security training purposes. However, please note that the accompanying image may be deleted if there are any copyright issues.
References:
Gmail Help
itgovernance