cybersafe Archives - eStorm Service Centre

11 Types of Phishing Attacks

August 3, 2022 by eStormAus

1. Spear Phishing

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation, or business. It is a malicious tactic utilising emails, social media, instant messaging, and other platforms to get users to share personal information or perform actions that can cause network/system compromises or data/financial loss. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware or ransomware on a targeted user’s device.

Typically, spear phishing is used in targeted attack campaigns to gain access to an individual’s account or impersonate a specific individual, such as a ranking official or those involved in confidential processes within the company.

2. Whaling

A whaling attack is a method used by cybercriminals to masquerade as a senior official within an organisation and directly target other ranking or important individuals. The aim of whaling attacks is typically to steal money, gather sensitive information, or gain access to their computer systems for criminal purposes.

Also known as CEO fraud, whaling is similar to regular phishing attacks in that it uses methods such as email and website spoofing to trick targets into performing specific actions, such as revealing sensitive information or transferring funds.

Cybercriminals specifically choose to impersonate someone with senior or influential roles within the organisation. Think of them as the ‘big phish’ or ‘whales’ of the company (i.e., CEO or finance managers). Impersonating people in these roles adds an extra element of social engineering, as staff may be reluctant to refuse a request from someone they deem to be important.

3. Vishing

Voice phishing (shortened to ‘vishing’) is a form of phishing that uses phones to steal confidential information. Vishing relies on convincing victims they are doing the right thing by responding to the caller. Often the scammer will pretend to be calling from the government, tax department, police or the victim’s bank.

Using threats and persuasive language, cyber criminals will make their victims feel like they have no other option but to provide the information requested. Some scammers will use forceful language that suggests they are helping the victim avoid criminal charges, while other scare tactics involve leaving threatening voicemails requesting the victim call back immediately or risk arrest, loss of funds, or worse.

The cybercriminal may ask for bank account information, credit card details, mailing addresses, tax information, or medical records. They may also ask the victim to take action by transferring funds, emailing confidential work documents, or providing details about their employer.

Once the criminal has obtained this information, they may drain the victim’s bank account, commit identity theft, use the victim’s credit card to make unauthorised purchases, or access their email accounts to trick the victim’s colleagues into giving up confidential information.

4. Smishing

SMS phishing (also known as text phishing, or ‘smishing’) is a phishing attack carried out over mobile text messaging. Victims are deceived into giving sensitive information to a disguised attacker. It occurs across many mobile messaging platforms, including non-SMS channels like WhatsApp, Facebook, Instagram or other data-based mobile messaging apps.

Cybercriminals manipulate a victim’s decision-making through three driving factors:

Trust: by masquerading as a legitimate individual or organisations, cybercriminals lower their target’s scepticism.
Context: cybercriminals use a situation could be relevant to targets allows them to build an effective disguise. The message feels personalised, which helps it override any suspicion that it may be spam.
Emotion: by heightening a target’s emotions, attackers can override their target’s critical thinking and spur them into rapid action.

5. Angler Phishing

Angler phishing is a recent type of cyberattack that targets social media users. People disguise themselves as a customer service agent on social media in order to reach a disgruntled customer and obtain personal information or account credentials.

Fake accounts will answer people are airing complaints on social media, and will disguise themselves under a user handle or profile that includes the name of the financial institution with the hopes that upset victims won’t realise they are not a valid account.

Once they have baited their disgruntled victim, the fake account will offer a link they claim will take the victim directly to an agent to talk to them. However, that link will either install malware onto their computer, or lead them to a fake website that will try get information and money from them.

6. Pharming

Pharming is a type of cyberattack in which criminals redirect internet users trying to reach a specific website to a different, fake site. These fake (or ‘spoofed’) websites aim to capture a victim’s personally identifiable information (PII) and login credentials, such as passwords, social security numbers, account numbers and so on, or else they attempt to install pharming malware on their computer. Pharmers often target websites in the financial sector, including banks, online payment platforms, or ecommerce sites, usually with identity theft as their ultimate objective.

7. Pop-up Phishing

Pop-up phishing involves using fraudulent messages that pop up for users when they are surfing the web. Cybercriminals infect legitimate or otherwise trustworthy websites with malicious code that enables these pop-up messages to appear when people visit the website.

Often, these messages warn unsuspecting website visitors about the security of their computer and will prompt the visitor to either download a tool (such as an antivirus application) which is in fact malware, or to call a fraudulent number for support.

Example of successful pop-up phishing:

A potential victim was browsing the internet on his MacBook Pro, when he encountered a pop-up message alerting him to a problem with his computer. The scammers behind the pop-up provided a phone number to call for support.

The cybercriminal disguised as an ‘Apple support representative’ prompted the user to establish a remote connection so the ‘representative’ could diagnose the issue. The scammer showed the user his AppleCare had expired and required renewal for $499 and navigated the victim to a webpage requesting his credit card number for AppleCare renewal.

8. Clone Phishing

Clone phishing refers to an email that has been cloned from an original message sent by an authentic organisation. The cloned email appears to be legitimate and can trick the user into giving up information.

Clone phishing has evolved into a cyber threat that is often targeted at high-profile people such as individuals working in politics, banks, or large enterprises because clone phishing offers a way for attackers to extract sensitive, financial, confidential, or sensitive information.

Some clone phishing messages appear to be sent by a real person at the company the target works for or is involved with and is accompanied by copy and pasted content and information from a genuine message, with links or attachments that have been replaced by malware or fake website. Other spoofed emails include attachments claiming to contain important information such as invoices or shipping notices. Often, these attachments will contain malware or ransomware that compromise the victim’s device.

9. Evil Twin Phishing

An evil twin attack is a form of cyberattack that tricks a victim into connecting to a fake Wi-Fi access point that mimics a legitimate network. It is the wireless version of common phishing attacks. Once a user is connected to the ‘evil twin’ network, cybercriminals can inject malware or access the victim’s network traffic, sensitive data, and private login credentials.

The danger in evil twin attacks is that victims are often not aware they have been targeted by an evil twin attack because, for all intents and purposes, it feels no different from connecting to any other Wi-Fi network. The main difference is that once they have connected, everything they do online can be tracked and even controlled by the cybercriminal. If the victim logs into an unsecured bank or email account, the cybercriminal is able to intercept the login details and transactions.

Once the cybercriminal has identified a Wi-Fi network or hotspot to spoof, they will create a counterfeit wireless access point with the same name, one that closely resembled it or a name that could tempt users (e.g., Free Wi-Fi). Open networks are a prime target as users can connect automatically with requiring a password.

10. Watering Hole Phishing

Watering hole attacks compromise users within a specific industry by infecting websites they typically visit and luring them to a malicious site. Watering hole attacks are also known as strategic website compromise attacks.

Cybercriminals attempting attacks for financial or gain or to build their botnet can achieve this by compromising popular consumer websites. They will look for a known vulnerability in the website, compromise the site, and infect it with their malware before they lie in wait for baited users.

On top of this, attackers will prompt victims to visit the sites by sending them seemingly harmless and highly contextual emails directing them to specific parts of the compromised website. Often these emails seem completely legitimate, as they are sent through the website’s automatic email notifications and newsletters that go out to their client or subscription base.

As with most cyberattacks, the user’s machine may be compromised by a drive-by-download that provides no clues to the victim that their machine has been attacked and compromised by the site.

11. HTTPS Phishing

HTTPS phishing refers to the landing page or watering hole site that a user arrives at. SSL certificates have in the past been a way to ‘prove’ that a website is trustworthy. However, now it has become relatively easy for scammers to encrypt SSL on their fake or spoofed websites. Cybercriminals can now get their own SSL certificates to secure pages used in their phishing campaigns, and can often do so without having to reveal much information about who they really are. Other criminals may abuse pages hosted on cloud services, which sometimes allow them to automatically inherit the security certificate.

Phishing Attack Prevention: How You Can Avoid Becoming the Catch of the Day

July 19, 2022 by eStormAus

Over 50% of IT professionals agree that phishing attacks are one of the biggest cybersecurity concerns currently affecting both individuals and businesses. Lapses in cybersecurity protocols and weak infrastructure allow phishing attacks to access highly sensitive information, including passwords, financial details and personal information. Criminals are using every communication method at their disposal, including email, social media and phone calls, to ensure their victims. Their deceptions have also become sneakier and more convincing over time, pretending to be trusted friends, coworkers, institutions and even governments. Unfortunately, one click can be all that stands between your private data and a hacker. With over 90% of data breaches being attributed to phishing attacks, it’s only a matter of time before you or your organisation becomes an unwitting target. Therefore, it’s important to know how to prevent, identify and manage any phishing attempts.

How Does Phishing Work?

A phishing scam will attempt to persuade the intended target to undertake an action (such as open an attachment, click on a link, fill out a form, or reveal personal information), by posing as a trustworthy individual or reputable organisation. Once the action is completed, a number of consequences may result. A cybercriminal will most likely use a phishing scam to try to:

Gain total control of your device and its contents by infecting it with malware
Access private information that can be used to steal your money and/or identity
Obtain log in details for your online profiles including email, social media, banking, online shopping and other platform accounts
Trick you into willingly sending money or other valuables through deception

Phishing attacks can take many forms. Some are swift and encourage you to urgently complete a specific action, while others can be a long drawn out process, building a connection with the intended victim over an extended period of time. Only after a trusting relationship has been established (and the victim is lulled into a false sense of security) does the scammer take advantage of the situation.

Unfortunately, even if you exercise extreme caution, it can be the people closest to you who pose the most danger. If someone close to you has their email, contact list or social media compromised by a phishing attack, then the hacker may hijack their account. From there, it’s an easy feat for the hacker to spam friends, family and coworkers with phishing messages seemingly from an account they know and trust.

Types of Phishing Attacks

The sad truth is that cybercriminals who use phishing attacks are good at what they do. They’re savvy liars, who know how to craft believable stories and design legitimate appearing communications. They’re so good that over 40% of employees have admitted to not following best practice guidelines and engaged in some for of dangerous action while online (ie. clicking on an unfamiliar link, downloading a file or exposing personal data). If you’re an act first and think later kind of person, then you’re an easy target for phishing scams.

The good news is that phishing is much easier to recognise once you know what to look for. Although phishing attacks can take many forms, they most commonly fall into one of the following categories:

Phishing emails are carefully designed to resemble a valid email address, individual, company or organisation. It may include personal information the cybercriminal has gathered about you (such as your name, employer or geographical location), in order to appear more legitimate. It will likely also include a request to follow a link, open an attachment, change a password, send a payment or reply with private information.
Phone/Voice phishing (vishing) occurs when a scammer impersonates a person or company over the phone. They may use a number of methods to call your number directly, such as Voice over Internet Protocol (VoIP) technology. In other cases, a fisher might try to mask their own phone number by sending out an automated message that redirects the intended victim. In any case, the visher will say and do everything they can to keep you on the phone. The longer you talk to them, the more likely you are to fall into their trap.
SMS phishing (smishing) is very similar to vishing, but will take place over text exchanges and messaging apps.
Social media phishing involves cybercriminals either posting or directly messaging phishing links on social media platforms. The links can take a variety of forms: fake news articles, free giveaways or sketchy “official” charitable organisations with urgent requests. Referred to as “clickbait”, the links will be as sensationalised and dramatic as possible in order to entice people. If any of your social media contacts fall for the trap, then the scammer can then impersonate them and use their account to spread the nefarious link.
Clone phishing takes place when an existing message from a legitimate contact is duplicated, with all of the original attachments and links replaced by the scammer. While this method most commonly appears in email attacks, it has also been used by social media and SMS phishing scams.
Domain spoofing is a popular technique used to impersonate brands, businesses and organisations. Cybercriminals will mimic valid email addresses by using a domain that very closely resembles the one used by the real company. For instance @netflix.com may be modified to @netflix-support.com in order to fool Netflix subscribers. Alas, people who fall for this scheme may not realise their mistake until it’s too late.
Email account takeover takes place when a cybercriminal acquires the email credentials of an executive member of an organisation. They use this to impersonate them and target any colleagues, team members, clients and customers who have dealings with this individual. The scammer capitalises on their high profile and position of authority, sending out phishing emails to other targets who report to and/or trust the original email account holder.

How to Spot a Phishing Email

Approximately 3.4 billion spam emails are sent out every day! While spam filters may stop many phishing attempts from reaching your inbox, there are bound to be some that slip through. Scammers are also continually updating their tactics, doing everything they can to disguise themselves and their intentions. Below are some red flags that can help you spot any phishing emails that have managed to slip into your inbox:

Warnings of suspicious activity and/or log-in attempts that have been noticed on your account
Claims that you have an outstanding payment and/or that you need to rectify your payment information
Requests to confirm your account by disclosing personal information
Attachments/downloads (such as fake invoices or receipts)
Statements that you’re eligible for some form of government refund and/or scheme
Offers coupons/vouchers for free items/services to be redeemed
Spelling errors and poor grammar
Unprofessional or amateur looking graphics
Generic greetings instead of your name (such as Dear Customer or Dear Sir/Madam)
Unfamiliar links

What To Do If You Receive a Phishing Email

Unfortunately, many of us don’t think twice when opening emails in our inboxes. In fact, one third of all phishing emails are opened by their recipients! While simply opening the email may not have any ill consequences, it drastically increases the probability that you’ll click on a malicious link or download, whether unintentionally or because curiosity got the better of you. For this reason, if you come across a suspicious looking email than we recommend you follow these simple steps:

Delete the email immediately without opening it. Not all phishing emails require you to click on or download something, some can infect your device just by being opened! It’s better to be safe than sorry.
Block the sender of the email. If your email provider allows you to manually block incoming emails from specific accounts/domains then be sure to add the sender to your blocked list. If you are using a shared account or someone else has access to your inbox, then this is especially important.
Consider purchasing extra security to help monitor for phishing emails, such as antivirus software.

Tips To Protect Yourself From Phishing Attacks

Even for the most cautious person can still fall victim to a phishing attack. As cybercriminals employ more sophisticated tactics and find new ways to create increasingly convincing communications, it’s more important than ever to take preventative steps to avoid becoming the catch of the day.

Here are some basic measures you can use to avoid being scammed:

Be cautious when giving out personal information

A good general rule is never give out your information to a person or website you don’t 100% trust. Be sure to thoroughly verify that every website and/or company you give your information to is both genuine and secure. If the URL of the website doesn’t start with “http” or have a closed padlock icon nest to it, then under no circumstances should you enter your details.

Never trust alarming messages

Phishing scammers are known for trying to scare their victims into handing over their information. No matter what a communication says, it’s important to remember that most reputable organisations (such as governments, banks, insurance companies, etc) will never request account or other sensitive information via email. If you receive a worrying email, delete it and contact the company directly to confirm whether they sent it.

Avoid clicking on embedded links

It’s generally not a good idea to click embedded links in emails, even when you know the sender. At the very least you should hover over the link to see if the destination is what it claims to be. However, in some cases the attack is so sophisticated that the destination URL is indistinguishable from the genuine site. Rather than click on the link, visit the site directly through use your search engine to find the site and visit it directly.

Don’t download any attachments

Never open an attachment from a suspicious or strange email. Many will be mislabelled as Word, Excel, PowerPoint or PDF file types in order to trick you into downloading malware or something else nefarious.

Install anti-phishing add ons

Most internet browsers these days have add-ons available that can discern malicious websites and alert users to known phishing sites.

Install firewalls

Firewalls act as a shield between your device and a cyberattack. A combination of desktop and network firewalls is one of the most effective ways to reduce the chances of a phishing attacks infiltrating your environment.

Regularly update your software and operating systems

Look, we’re all guilty of ignoring update notifications at some point or another. However, patches and updates are necessary to ensure your device can withstand the latest cyberattack methods. Older operating systems and internet browsers some of the most common targets for phishing attacks, so make sure you update, update, update!

eStorm Service Centre

4.8

Based on 82 reviews

review us on

Beatrice Ndebele

07:36 22 Sep 22

Fantastic service, was referred by Apple after MacBook developed a dark screen and wouldn’t turn off. I was informed of possibility to pay for diagnostic fee and expect to leave it for a fee days. I found the gentlemen friendly and accommodating. The service was prompt, fair subsequent charges. My MacBook had storage issues, I got a new laptop and they helped transferring my data. I will certainly be going back to them in future and I strongly recommend these professionals to anyone having issues with their devices.

julie farrell

06:28 02 Sep 22

2 nd time I have used this service. Needed new battery for my iphone 6 s in 2020. Then 2022 had a battery replaced in my iphone 7. Both times have been brilliant. Such a smooth and well organised service. The fellas at the counter on every occassion have been very patient and helpful. Thanks again, highly recommended

Gary wylie

09:28 01 Sep 22

Quick service. Reasonable pricing .Would recommend for apple repairs

Joel Berry

10:08 23 Aug 22

Awesome service, with a quick turn over. Genuine apple product dealers, most issues under warranty and or insurance will be covered free of charge or for a small cost.Highly recommended.

John Florez

00:27 11 Jul 22

Very knowledgeable, friendly and 100% helpful. They explained all the options and their pros and cons to improve my iMac's performance. My computer is now running much faster with these upgrades. Great Work! Highly recommended!

Melissa Moana

05:16 13 Jun 22

i had no idea they were here awesome service way better than having to travel to carindale

Desiree S

07:52 27 May 22

I discovered this apple repairer by chance and now I recommend them to everyone. Great service and reasonable prices.

Emily Martin

04:45 22 Feb 22

Dropped my MacBook in just shy of 3 years old with a battery issue. The team were very prompt in email response and with the computer. Dropped Saturday, said it would be ready Wednesday. To my surprise it was ready today (Tuesday) a whole day early. Even better they covered the replacement of the battery under warranty. Highly recommended!

Kyle PM

07:59 01 Feb 22

Great and easy service. Much simpler to deal with than an Apple store for repairs. As an IT professional, will definitely be back if a staff member breaks their phone. (Let's be honest, they will).

Ricardo Sé Cestari

23:30 02 Jun 20

Good professional service. Job well done and in a better than expected timeframe.

Kathryn Chee

06:38 15 May 20

Phone came back good as new after a nasty cracked screen. Service was efficient although I did have to come back 24hours later as they didn’t have my colour iphone Instock - so maybe call ahead the day before if you want same day screen repair?

Stevan Kostantinovic

23:01 05 May 20

Very helpful and professional staff as they are Apple certified and did a great job replacing my sisters broken macbook pro screen.Always remember, you get what you pay for.

Ivan ZiHao Tan

10:12 29 Apr 20

Effective and honest! It’s a nice and not busy place to get your IT stuff fixed. It is a bit out of the way but if you’re around west side, just go there. Traffic is smooth too!

Oliver Baumeister

21:38 06 Mar 20

Good service, quick repair of my MacBook Pro under warranty. 3 days to replace ‘top case’ (keyboard, trackpad, etc). Very satisfied.

Bradley Witham

01:43 03 Feb 20

Great shop. Highly recommended. Professional and very helpful staff. Did a great job for me. Will be back for sure - even though it’s over 1hr drive from my home!

Evan g

01:49 07 Jan 20

Friendly and knowledgeable staff coupled with quick service even during a busy period.

Jaidyn Somerville

22:59 01 Nov 19

Quick and professional service, I was told my MacBook would be ready in 2/3 business days and received a text to confirm it was ready two days later. Kept me informed with updates too. Defiently recommend these guys.

Mike C

09:09 23 Oct 19

Friendly, professional staff. Perfect job replacing Macbook keyboard and screen, all with a very quick turnaround. Best Apple experience yet - highly recommended.

Mark Schulz

01:15 04 Sep 19

My second time using the service - first for an iPhone battery replacement and this time to replace the battery in a Macbook Air. Service is great. Will continue to use them into the future.

Jason O'Connor

01:25 28 Aug 19

What a terrible experience dealing with eStorm in Springfield Lakes. After spending an hour on live chat with Apple last night they said that there was an issue with phone and to take it to one of their retail stores or to an authorised service centre. The closest to us was eStrom Service Centre in Springfield Lakes. We were booked in there by Apple who were 100% aware of the phone being out of warranty but due to the issue they were happy for it to be taken in. When my wife got there she was greeted by someone called Dallas who then proceeded to ask her for $40 as a diagnosis fee. At no stage were we made aware that there would be a fee even though Apple were aware of the phone being out of warranty. When my wife made him aware of that he said that it was their policy and there was nothing they could do about it. My wife turned around and walked out. I called to ask what the story was and Dallas said exactly what I have written above. No consideration about the fee, it was internal policy and not their problem that Apple didn't tell us about it. So disappointed at this experience and will never be using them again or would ever recommend them to anyone.

Kelley Knudsen

07:58 16 Aug 19

Great customer service, professional and polite, great results and fast turnaround!

Theticus _

00:08 30 Jul 19

Great service for Apple repair

Michael Bischa

03:27 31 May 19

Great service, let us know our options up front, found the solution and ordered parts in and completed the job in just 48 hours to get am important computer back up running. They are great!

Rob & Rebecca Ketelaars

19:43 20 May 19

Friendly staff. Fast service. Replaced the battery in my iPhone 6 in about 1.5 hours while I was shopping at Orion just across the road. Perfect.

Valentin Despa

08:33 09 May 19

Very professional, friendly and fast. I liked a lot that you get text messages with the status of your job. Thank you guys!

Anthony

05:33 05 Feb 19

Staff was very friendly and professional, only took 2 business days for my keyboard to be repaired; excellent service and absolutely no hassle.

Kazi Nazmul Haque Shezan

00:46 01 Dec 18

Just awesome experience. My apple watch 4 was not charging. I got a new apple watch in 3 days. They are very fast at resolving problem. The staffs are very helpfull

Helena Stibbard

23:12 11 Sep 18

Exceptional service; Explained everything and was very helpful with advice for backing up files; MacBook Pro full keyboard replacement done in 2 days; very little downtime which was really appreciated. Highly Recommended

Tom Parke

11:41 05 Sep 18

This is an easy five stars. I came into the store, explained my issue (I needed to have the entire screen of my laptop replaced). They told me they'd need to order in some parts, and the entire repair was finished in less than 24 hours. Superb team.

Sam D

22:38 19 Apr 18

I took my MacBook Pro in to get the screen diagnosed and replaced through apple warrenty, it was completed very quickly and estorm did an excellent job. It was so much easier going to estorm over an apple shop, no wait time, plenty of appointment times and no pushing your way through noisy crowds. Will definitely be going back to them for any issues. Thanks!

James C

02:50 22 Mar 18

Liam Sorensen

21:18 31 Jan 18

Excellent service and very professional atmosphere. I had a couple of apple devices that needed fixing and to my surprise were covered under warranty and were replaced free of charge!! The team there are an awesome crew very welcoming and very understanding.Look forward to requiring your service again.

Dallas Rankin

01:20 17 Oct 17

Wade

04:43 16 Oct 17

See All Reviews