Phishing attacks are an extremely common way for hackers to gain access to your business's sensitive or confidential information. In fact, 74% of organizations in the United States experienced a successful phishing attack. Additionally, Google has registered 2,145,013 phishing sites as of Jan 17, 2021. This is up from 1,690,000 on Jan 19, 2020 (up 27% over 12 months).
While vishing (phishing by telephone) has historically been less of a threat than phishing, vishing attacks have also been on the rise: 54% of organizations encountered them in 2020. But what is the difference between phishing attacks and vishing attacks? The method of delivery, of course. Let's explore some additional key differences between the two, and how you can protect yourself and your business.
What is Phishing?
A phishing attack is when fraudulent emails are sent to your account. These oftentimes appear to come from a reputable company. The goal of these phishing emails is to get users to click malicious links or download infected attachments – allowing hackers to steal confidential information.
Phishing attacks begin when recipients begin to trust hackers. Hackers build this trust by presenting accurate information about the recipient's company, address, or even coworkers' names. Then they set the bait. Lastly, phishing attacks end when the hacker springs the trap.
Examples of Phishing Attacks
1. Fake Invoice Scams
The most popular type of phishing attack out there utilizes the fake invoice technique. Like many phishing attacks, this scam utilizes fear tactics, pressuring the recipient to submit a payment for goods or services that they have never ordered or received. Finance departments are obvious targets for this kind of attack, although there are many potential victims that can be duped.
2. Email Account Upgrade Scam
Email account upgrade messages usually appear to come from trusted email providers. When faced with an email like this, many people unfortunately click the links in it, which lead to pages that harvest their information.
3. Google Docs Scam
This sophisticated email scam gets recipients to click its link to view a ‘document’. The link takes you to a page that looks identical to Gmail's login page. Once you select your account, you are invited to grant access to your Google account. This allows the attacker free rein.
4. Message From HR Scam
An HR email scam oftentimes uses malicious attachments or links that, once clicked, install malicious software onto your device. To avoid this, it is important to encourage your colleagues to ask HR directly whether a request for personal information is legitimate before responding.
5. Unusual Activity Scam
When users get an email stating there has been “suspicious activity on your account”, alarm bells start ringing at full pace. Due to this urgency and panic, this scam works particularly well.
What is Vishing?
Vishing utilizes phone scams to steal personal confidential information from victims. Oftentimes this is referred to as voice phishing. Cybercriminals use social engineering tactics in order to convince victims to act by giving up private information such as access to bank accounts. Vishing relies heavily on convincing victims they are doing the right thing by answering the caller. Often the caller pretends to be calling from the government, a tax department, the police, or even the victim’s bank.
Examples of Vishing Attacks
Cybercriminals use software to target specific area codes. They usually use a message involving local banks, businesses, police departments, or other organizations. When the call is answered, an automated message begins. It then urges the person to provide their full name, as well as credit card details, bank account information, mailing addresses, and even social security information.
VoIP makes it simple for cybercriminals to create fake numbers and hide behind them. These numbers are difficult to track and can be used to create phone numbers which appear to be local. Some cybercriminals create VoIP numbers which appear to come from government departments, local hospitals or even the police department.
3. Caller ID Spoofing
Caller ID spoofing is when a cybercriminal hides behind a fake phone number or caller ID. They might list their name as Unknown or even pretend to represent an actual caller, using an ID related to the Government, Tax Department, Police, etc.
4. Dumpster Diving
A popular method of collecting phone numbers is by digging through dumpsters behind buildings such as banks, office buildings, and random organizations. Oftentimes criminals find enough information to deliver a targeted spear vishing attack towards the victim.
Main Differences Between Vishing and Phishing
A phishing attack targets a wide range of people through emails. This is usually an automated attack that hits many individuals at once. Vishing attacks also target a wide range of people, but the method of delivery is different: they are delivered via voice communication. This is usually a manual attack.
Who is Staging These Attacks
Since phishing attacks target so many individuals at once, they typically have more accuracy. These criminals are typically hackers who have a vast knowledge about how to get into your device. Alternatively, vishing criminals typically do not have this knowledge, and their attacks are far less accurate because one criminal can only carry out one attack at a time.
In terms of the information harvested, phishing attacks usually need the victim to click on a malicious link or download a malicious file. Vishing attacks, on the other hand, need the victim to willfully give up their information over the phone.
Phishing and vishing attacks are constantly on the rise, but staying vigilant can help you and your employees avoid falling for these tricks.
Learn more about Cyren Inbox Security for 365, and how it can help your business stop phishing attacks in their tracks.