Smishing, quishing and vishing - how bad actors try to ‘phish’ for your sensitive data

When was the last time you received an email from your bank (supposedly) asking you to “update your account details” or else get your account deactivated?

If you even remember to scrutinise the sender’s email address, you may find that it is a fraudulent email address pretending to be your bank’s. If you had fallen for it, you would have given criminals access to your bank account and hard-earned money. You would have been one of the many victims of a phishing attack in recent times.

So, what is phishing, exactly?

Put simply, phishing occurs when cybercriminals “fish” for your data. They do it by getting in touch through emails, text messages and social media, to name just a few ways.

Recently, cybercriminals have come up with more creative and sophisticated ways to phish.   But the underlying principle is simple – use deception to trick you into handing over your personal data – passwords, birthdays, contact information, credit card details.

Impersonate a bank, impersonate your boss, impersonate your friend. Make the message sound urgent. Make it sound like your life (or that of a loved one) depends on you clicking that link.

Cybercriminals have a whole arsenal of tricks up their sleeve. Here are some of the many ways phishing is carried out.

• Email phishing: Impersonate a bank, organisation, or brand and send an email asking to click on a link or download a file. The link is a spoofed website which asks for your data, while the file contains malware or viruses.

• Spear phishing: Similar to email phishing, but more personalised. Criminals research about their targets and send them personalised emails that use familiar language, tricking them into doing whatever the email is telling them to do.

• Whaling / CEO Fraud: Similar to spear phishing, but makes the email appear like it came from a top executive at a company. It is often used to trick other executives into releasing money or sensitive data.