1300 702 580
Log In

Learn

Cyber Security with Cybermate

Knowledge is Power!

Learn about the latest cyber threats and how to protect yourself. Our resources are here to help you stay safe online. Your cyber safety journey starts now!

Phishing Attacks

Phishing is a type of email or SMS attack used to steal user data, including login details and credit card numbers. It occurs when an attacker, pretending to be a trusted company or provider, cons a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack ( where to unfreeze it requires you to pay a ransom for an unlock code) or the disclosure of sensitive information.

 

Phishing is also often used to gain a foothold in corporate networks as part of a larger attack. For example, employees are compromised in order to bypass security measures, distribute malware inside a closed environment or gain access to secured data.

What a phishing attack looks like.

A common phishing scam example is:

  • A spoofed email is received that looks to be from a trusted source such as a bank or telephone company;
  • The email claims that the user’s password is about to expire. Instructions are given to go to a website address that is slightly different to the real address ( and is in fact the website of the attacker).

A number of things can then occur:

  • The user is redirected to a bogus page appearing exactly like the real renewal page, where both new and existing passwords are requested. The attacker, monitoring the page, hijacks the original password to gain access to relevant system; or
  • The user is sent to the actual password renewal page. However, while being redirected, a malicious script activates in the background to hijack the user’s session cookie. This gives the hacker access to the relevant system.

Types of Phishing Attacks

Phishing is a numbers game. Even if only a small percentage of recipients fall for the scam, an attacker can net significant information and money. The attacks are becoming more sophisticated. Many go to great effort to design phishing messages to mimic actual emails and text messages from a spoofed company. Using the same phrasing, typefaces, logos, and signatures makes the messages appear legitimate. The attacker will usually try to push users into action by creating a sense of urgency. For example , an email that threatens account expiration in a short period of time. This can cause the recipient to be less diligent and more prone to fall for the scam. While messages look legitimate they typically have a misspelled domain name.

  • Email Phishing: The most common type, where attackers send fraudulent emails that appear to come from a legitimate source, tricking recipients into providing sensitive information.
 
  • Spear Phishing: A targeted form of phishing where attackers focus on a specific individual or organization, often using personalized information to make the attack more convincing.
 
  • Vishing (Voice Phishing): This involves using phone calls to trick individuals into divulging personal information. Attackers may pose as representatives from trusted organizations.
 
  • Smishing (SMS Phishing): Similar to email phishing, but conducted via text messages. Attackers send deceptive messages to lure victims into providing sensitive information.
 
  • Whaling: A type of phishing that targets high-profile individuals like company executives. The term “whaling” comes from the idea of “big fish” targets.
  • Clone Phishing: This involves creating a nearly identical replica of a legitimate email, but with malicious links or attachments. The email appears to come from a trusted source.
 
  • HTTPS Phishing: Attackers use HTTPS to create fake websites that look legitimate. They then trick users into entering their personal information on these sites.
 
  • Pharming: This attack redirects users from a legitimate website to a fraudulent one, often through malware or DNS poisoning, to steal login credentials.
 
  • Watering Hole Attack: Attackers compromise a website frequently visited by a target group, infecting it with malware to steal information from visitors.
 
  • Pop-up Phishing: Fake pop-up messages appear on a user’s screen, often mimicking legitimate warnings or offers, to trick them into providing personal information.
  • Deceptive Phishing: General phishing attempts that use fake websites or emails to trick users into providing personal information.

 

  • Evil Twin Phishing: Attackers set up a fake Wi-Fi network with a similar name to a legitimate one, tricking users into connecting and providing personal information.

 

  • Search Engine Phishing: Attackers create fake websites that appear at the top of search engine results, tricking users into providing personal information.

 

  • Social Media Phishing: Attackers use social media platforms to send deceptive messages or create fake profiles to trick users into providing personal information.

 

  • Man-in-the-Middle (MITM) Attack: Attackers intercept communication between two parties, often to steal login credentials or other sensitive information.

What Is The Dark Web?

The dark web is the part of the web that can only be accessed by means of special software, allowing users and operators to remain anonymous and untraceable. It is where you will find criminal activity.

 

Regular browsers can’t access dark web websites. The dark web use “Tor” servers which provides users complete anonymity while surfing the web. At the same time, dark web website publishers are also anonymous thanks to special encryptions provided by the protocol.

 

This makes it a great place for hackers and other criminals to sell any stolen information such as passwords and account details that they have extracted from you or someone you deal with.

 

So when there’s been a data breach, the chances are high the compromised information such as password details and credit card numbers will end up for sale on the dark web. It also has plenty of like log-in credentials, such as hacked Spotify and Netflix accounts.

 

The buyers of the information will use cryptocurrency such as Bitcoin, to ensure buyers and sellers remain anonymous.

Trust Us, Don't Search The Dark Web

The dark web is not a place you want to be searching yourself, unless you are very careful. Getting to the dark web is actually easier than you might think, you just need to download a dark web browser, like the Tor browser.

 

We don’t recommend it. Among other reasons, it is populated by criminals who given a chance will likely try to exploit you. If you click on any links it’s possible you could be downloading a file that could infect your device with a virus. Not surprisingly, a lot of these people would be willing to hack your devices. They might, for example, try to hijack your Webcam with a remote administration tool also known as a RAT ( we always suggest you should cover your webcam when not in use).

Finding material on the dark web is much more difficult than using a search engine like Google because the dark web doesn’t have an index or ranking system to help you find what you need.

Subscribe to our newsletter!

Speak to a Cybermate Today

© 2025 Cybermate. All rights reserved.

Website by Big Brand Theory