What Is Phishing? 6 Common Cyber Security Exploits Explained

illustration of a pdf getting hooked by a fishing reel to represent what is phishing

Picture this: Simone is the head of an acquisition team that is in the final round of competing for a huge deal. The morning of the big presentation, she gets up early and sees a Dropbox link from a team member with the subject “Urgent updates for today’s meeting.” 

Simone is puzzled, as she isn’t expecting further changes, but clicks the link anyway and signs in to open the document. She realizes her mistake immediately. There is nothing to view, just a blank error page. Simone had accidentally fallen for a phishing attack, putting her personal information—and the company’s security—at risk.

If you’ve spent any significant amount of time on the internet, you can probably sympathize with Simone’s story. Phishing scams are ubiquitous in our hyper-connected online society. Anyone with an active email account has likely received a phishing email as millions of fraudulent messages are pumped out daily.

But there’s more to phishing than just simple bait-and-switch scenarios. Read on to learn more about phishing, common types of phishing attacks and the steps you can take to help avoid getting hooked by email scams.

What is phishing? 

Phishing is an umbrella term for various fraudulent methods of obtaining data and/or sensitive information via electronic communication. Most phishing attacks arrive by email and are sent by cyberattackers who disguise themselves as another entity in order to access your information.

If you think you’re too savvy to fall for a scam, think again. According to a McAfee® and Center for Strategic and International Studies report, nearly two-thirds of the two billion people who use online services have had their data stolen or compromised.1 Anyone with an email account or online presence can be targeted by phishing scams. The negative effects for companies and organizations can be severe. The most common consequences of a successful phishing attack are loss of data, compromised credentials and accounts, installation of ransomware and malware, and financial losses. Those losses can be substantial—IBM® reports the global average cost of a data breach in 2020 was $3.86 million.2

What do cyberattackers gain by phishing? 

Unsurprisingly, access to information and money are nearly always the end goals of phishing attacks. Perpetrators of phishing crimes can make ill-gotten financial gains in a myriad of ways. A few examples include selling passwords, personal information and data; threatening disclosure of private or sensitive materials in exchange for a ransom; hacking into bank accounts; stealing credentials and identities; and installing malware. 

Types of phishing attacks 

The people behind these cybercrimes are constantly evolving their tactics and finding new ways exploit people and organizations. Read on to learn more about the different types of phishing attacks being used on a regular basis.

Spoofing 

Spoofing, or intentionally misrepresenting the source or identity of a communication to appear as though it is from a trusted source, is the bread and butter of phishing scams. Criminals most commonly spoof email addresses, domains and IP addresses to trick people into engaging with their malicious links or software. This works to great effect because people are much more likely to open an email from an entity they know or use.

Spear phishing

Spear phishing is a highly targeted scam designed to trick a person or small group of people. In contrast to broad-based phishing attempts, the emails or other electronic communications used are much more customized for the intended recipient. To spear phish successfully, criminals use publicly available information about their targets to make the scam as convincing as possible. Even something simple, like knowing where a target lives or the online accounts a target uses, can help scammers craft their attacks. 

Whaling

Whaling uses the same tactics as spear phishing but with a hyper-specific focus on prominent, high-value targets. To land a successful whaling attack, cybercriminals will carefully select a senior or high-level leader at an organization and pretend to be a friend or trusted colleague. This tactic is a type of business email compromise (BEC) and is sometimes known as CEO fraud. Phishers are experts in forging emails, websites and credentials to make it seem like a legitimate message from a coworker.

Executives and other high-profile individuals should take extra care in curating their online presence. Sharing personal information—even everyday things, like birthdays, job titles, vacations or relationships—can be used by criminals to tailor attacks.

Clone phishing

As the word “clone” implies, this kind of attack uses a real, previously sent email and sends it again—but with dangerous additions. Scammers will replace legitimate links or attachments with malware, viruses or ransomware to trick receivers into thinking that they came from a trusted source. This kind of scam is particularly insidious because a busy employee with lots of emails in their inbox is likely to click it without hesitation.

How to stay off the phishing hook 

Your cybersecurity will have to be layered and multi-pronged to be effective. Some helpful tips for combating phishing scams are:

  • Adopt a risk-aware mindset about phishing scams. Simple training and repetition can help build good habits. 
  • Watch out for classic tell-tale signs of a scam, like misspellings or discrepancies in names, URLs, sender info, websites and grammatical errors. 
  • Utilize a password manager to reduce the hassle of having complex and unique passwords. 
  • Use email signing certificates for highly visible employees, like CEOs and leadership, who may be targeted.
  • Be cautious about using public Wi-Fi. Never download an app or give personal information in exchange for free internet.
  • Maintain robust cybersecurity programs. Use email filters, antivirus software and VPNs. 

Combat scammers with a career in cybersecurity 

Scammers never sleep, and organizations are under more pressure than ever to keep their data and information secure. While the negative effects of phishing and other malicious internet activities are certainly substantial, there’s a silver lining for tech professionals. Organizations need highly skilled help to keep their networks secure and the damage from security failures minimal. Could earning a Cyber Security degree be the right move for you? Our article “Is a Cyber Security Degree Worth It? Analyzing the Facts” can help you decide.

1James Lewis “The Economic Impact of Cybercrime – No Slowing Down” McAfee and the Center for Strategic International Studies, February 2018 [accessed April 2021] https://www.csis.org/analysis/economic-impact-cybercrime
2IBM, “Cost of a Data Breach Report 2020 Highlights” [accessed April 2021] https://www.ibm.com/downloads/cas/QMXVZX6R

McAfee is a registered trademark of McAfee, LLC.
IBM is a registered trademark of International Business Machines

About the author

Kelly Petersen

Kelly is a content specialist at Collegis Education, where she researches and writes about a variety of topics on behalf of Rasmussen University. She is passionate about education and previously worked as an English as a Second Language (ESL) teacher in Spain and as a higher education communications specialist in Costa Rica.

Kelly Petersen

Related Content

Related Content

This piece of ad content was created by Rasmussen University to support its educational programs. Rasmussen University may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen University does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen University is accredited by the Higher Learning Commission, an institutional accreditation agency recognized by the U.S. Department of Education.

logo-accreditation-acen logo-accreditation-ccne chart-credential-laddering-associates-bachelors-masters 0 Credits 90 Credits 180 Credits 48 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE Start Here MASTER'S DEGREE PURSUERS End Here BACHELOR'S DEGREE End Here MASTER'S DEGREE chart-credential-laddering-associates-bachelors 0 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS 90 Credits Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE 180 Credits End Here BACHELOR'S DEGREE chart-credential-laddering-msn chart-credential-laddering-nursing-programs chart-credential-laddering-nursing DNP MSN RN to BSN LPN to RN Bridge Accelerated BSN Professional Nursing ADN Practical Nursing Diploma Pre-Licensure Post-Licensure icon-colored-outline-bank icon-colored-outline-certificate icon-colored-outline-circle-dollar-sign icon-colored-outline-folder-search icon-colored-outline-hand-heart icon-colored-outline-head-blocks icon-colored-outline-head-cog icon-colored-outline-head-heart icon-colored-outline-health-plus-leaves icon-colored-outline-hospital icon-colored-outline-lifelong-learning icon-colored-outline-light-bulb-analytics icon-colored-outline-location-pin icon-colored-outline-magnifying-glass icon-colored-outline-monitor-healthcare icon-colored-outline-monitor-paper-search icon-colored-outline-nurse-rays icon-colored-outline-padlock-shield icon-colored-outline-person-presenter-screen icon-colored-outline-scales ras-logo-flame ras-logo-horizontal ras-logo-stacked icon-colored-advance icon-colored-arrows-cross-curve icon-colored-briefcase-star icon-colored-build icon-colored-bulb-analytics icon-colored-certificate icon-colored-continual-development icon-colored-duo-chatbox icon-colored-folder-mortarboard icon-colored-forward-ribbon icon-colored-gears-clock icon-colored-globe-pen icon-colored-growth icon-colored-hand-bubble icon-colored-hand-stars icon-colored-hands-gear icon-colored-head-blocks icon-colored-head-cog icon-colored-health-plus-leaves icon-colored-hospital-building icon-colored-laptop-cbe-skyscraper icon-colored-laptop-checkmark icon-colored-laptop-webpage icon-colored-location-map icon-colored-location-pin icon-colored-monitor-paper-scan icon-colored-mortarboard-dollar icon-colored-national icon-colored-people-chat-bubbles icon-colored-person-cheer-star icon-colored-person-laptop-checkboxes icon-colored-person-screen-instructor icon-colored-person-whiteboard icon-colored-phone-chatbox icon-colored-police-light icon-colored-prep icon-colored-presenter icon-colored-regional icon-colored-save-time icon-colored-shirt-hat icon-colored-skyscraper icon-colored-state icon-colored-student-centered icon-colored-support icon-colored-world-experience icon-triangle-arrow-up-plant icon-triangle-calendar-pencil icon-triangle-clock-rotating-arrows icon-triangle-display-gears icon-triangle-hand-right-speech-bubble icon-triangle-laptop-coding-brackets icon-triangle-mortarboard icon-triangle-paper-ribbon icon-triangle-person-cheer-star icon-triangle-person-juggle icon-triangle-triple-people-chat-bubble icon-modality-campus icon-modality-field icon-modality-online icon-modality-residential icon-arrow icon-bank icon-camera icon-filter icon-general-chart icon-general-connect icon-general-degree icon-general-discuss icon-general-email icon-general-find icon-general-hat icon-general-heart icon-general-laptop-building icon-general-laptop icon-general-leader icon-general-map icon-general-money icon-general-paperwork icon-general-people icon-general-phone icon-general-speak-out icon-head-heart icon-info-circle icon-mail-forward icon-mglass icon-play-solid icon-quote-mark-left icon-quote-mark-right icon-scales icon-share-square-o icon-simple-chat icon-simple-desktop icon-simple-find icon-simple-hamburger icon-simple-phone icon-spinner icon-tag icon-testimonial-quotes icon-util-checkbox-white icon-util-checkbox icon-util-checked-white icon-util-checked icon-util-chevron-down icon-util-chevron-left icon-util-chevron-right icon-util-chevron-up icon-util-circle-arrow-down icon-util-circle-dot icon-util-language-switch icon-util-loading icon-util-open-window-link icon-util-pdf-link icon-util-refresh icon-util-x rebrand-arrows icon-social-facebook-colored icon-social-facebook-square-colored icon-social-facebook-square icon-social-facebook icon-social-google-plus-square icon-social-google-plus icon-social-instagram-colored icon-social-instagram icon-social-linkedin-square-colored icon-social-linkedin-square icon-social-linkedin icon-social-pinterest-p-colored icon-social-pinterest-p icon-social-twitter-colored icon-social-twitter-square icon-social-twitter icon-social-youtube-play-colored icon-social-youtube-play graduate-cap-star-coin hand-coin hand-heart nurse-stethoscope-rays card-send-smile person-yoga-pose suitcase-star