The terms used to describe phishing can be confusing. Here is a short, dictionary-style list of the most common ones.

Criminals exploit the fact that email remains the primary channel for conducting business. Phishing is one of the most prevalent forms of cybercriminal activity, representing 95% of damages caused by cybersecurity incidents.

As of January 2021, Google had registered 2,145,013 phishing sites, an increase of almost 30% in phishing-site activity over the previous year. Knowing the terms used to describe phishing scams helps you recognize them and lowers your risk of becoming a victim.

Types of Phishing Attacks

BEC

Business Email Compromise (BEC), also known as email account compromise (EAC), is a scam in which the attacker impersonates someone authorized to request payments or wire transfers, such as an executive or a vendor, and tricks unsuspecting employees into sending money or data. The FBI has identified five types of BEC scams: account compromise, attorney impersonation, CEO fraud, the bogus invoice scheme, and data theft. In 2020, 65% of organizations faced BEC attacks.

Credential harvesting

Credential harvesting, also known as account harvesting, uses phishing emails to steal login information: the email leads the user to a fraudulent website that imitates a legitimate login page, and the credentials typed there go to the attacker.
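The two entries above, BEC and credential harvesting, describe the patterns that mail-filtering rules most often look for: a display name that matches an executive while the sender or Reply-To address belongs elsewhere, pressure language about payments, and links whose visible text or destination imitates a brand's login page. The following Python triage script is an added example, not code from the original page; the organisation domain, executive list, protected brands, and the three sample emails are all constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumptions for this example (not from the page): the defended
# organisation, executives attackers like to impersonate, and brands whose
# login pages phishing kits commonly clone.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
PROTECTED_BRANDS = {"example.com", "paypal.com", "microsoft.com"}
URGENCY = re.compile(r"\b(urgent|wire transfer|immediately|confidential)\b", re.I)


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def registrable(host: str) -> str:
    # Crude "last two labels" rule; adequate for the .com/.co hosts used here.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot one-character lookalikes such as paypa1.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def bec_indicators(msg) -> list:
    """Header and wording checks for executive impersonation."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"display name {name!r} is an executive but sender is {addr}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != domain_of(addr):
        findings.append(f"Reply-To domain {domain_of(reply)} differs from From domain {domain_of(addr)}")
    hits = sorted({m.lower() for m in URGENCY.findall(msg.get_payload())})
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


def credential_indicators(msg) -> list:
    """Link checks for pages that imitate a protected brand's login."""
    findings = []
    if msg.get_content_type() != "text/html":
        return findings
    parser = LinkExtractor()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not host:
            continue
        # 1. The visible text shows one host while the link goes to another.
        shown = urlparse(text if "://" in text else "//" + text).hostname
        if shown and "." in shown and shown.lower() != host:
            findings.append(f"link text shows {shown} but points to {host}")
        # 2. The destination imitates a protected brand without being it.
        reg = registrable(host)
        if reg in PROTECTED_BRANDS:
            continue
        for brand in PROTECTED_BRANDS:
            if levenshtein(reg, brand) <= 2 or brand.split(".")[0] in host.split("."):
                findings.append(f"{host} looks like {brand}")
                break
    return findings


def triage(raw: str) -> dict:
    msg = message_from_string(raw)
    return {"bec": bec_indicators(msg), "credential": credential_indicators(msg)}


# Constructed sample messages (not real phishing emails).
BEC_SAMPLE = """\
From: Jane Doe <jane.doe@mail-examp1e.net>
Reply-To: Jane Doe <jd.private@webmail.invalid>
Subject: Quick favour
Content-Type: text/plain

Are you at your desk? I need you to process an urgent wire transfer today.
Keep this confidential until I call you.
"""
CRED_SAMPLE = """\
From: PayPal <service@paypa1.com>
Subject: Your account has been limited
Content-Type: text/html; charset=utf-8

<p>We noticed unusual activity. Visit
<a href="http://paypa1.com/login">https://www.paypal.com/login</a> to restore access,
or <a href="http://example.com.secure-login.co/reset">Reset password</a>.</p>
"""
LEGIT_SAMPLE = """\
From: Jane Doe <jane.doe@example.com>
Subject: Lunch
Content-Type: text/plain

Lunch on Thursday?
"""

if __name__ == "__main__":
    for label, raw in (("bec", BEC_SAMPLE), ("cred", CRED_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, triage(raw))
```

Run against the constructed samples, the BEC message produces three findings (impersonated display name, mismatched Reply-To, pressure language) and the credential-harvesting message three (text/destination mismatch, a one-character lookalike of paypal.com, and the company name buried in a subdomain of an unrelated registrable domain), while the legitimate message produces none. These are heuristics: a compromised real mailbox defeats the header checks, which is exactly why BEC and EAC are grouped together, so payment-change requests still need out-of-band confirmation.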

Evil twin

An evil twin attack involves setting up a fraudulent wireless access point that advertises the same network name (SSID) as a legitimate Wi-Fi network, so that users connect to it by mistake. Once a user connects, the attacker sits in the path of that user's traffic and can intercept it and steal sensitive data.
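A client or a wireless sensor can catch many evil twins by comparing a scan against a trust profile of the networks it is allowed to join: same SSID but an unknown access point address, a lookalike SSID, or the same SSID offered without the encryption the real network uses. The Python check below is an added example and not code from the original page; the trusted-network profile and the scan rows are constructed, and the comma-separated scan format is a simplification of what tools such as iw, nmcli or airodump-ng actually print.

```python
import re

SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Constructed trust profile: the SSID a laptop may join, the access point
# BSSIDs (radio MAC addresses) the network team owns, and the expected security.
TRUSTED = {
    "CorpWiFi": {"bssids": {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"}, "security": "WPA2"},
}

# Constructed scan results in a simplified "SSID,BSSID,security,dBm" form.
SCAN = """\
CorpWiFi,aa:bb:cc:dd:ee:01,WPA2,-55
CorpWiFi,aa:bb:cc:dd:ee:02,WPA2,-61
CorpWiFi,de:ad:be:ef:00:01,OPEN,-38
Corp-WiFi,de:ad:be:ef:00:02,WPA2,-40
GuestNet,11:22:33:44:55:66,OPEN,-70
"""


def normalize(ssid: str) -> str:
    """Collapse case and punctuation so 'Corp-WiFi' compares equal to 'CorpWiFi'."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def parse_scan(text: str) -> list:
    rows = []
    for line in text.strip().splitlines():
        ssid, bssid, sec, dbm = (f.strip() for f in line.split(","))
        rows.append({"ssid": ssid, "bssid": bssid.lower(), "security": sec.upper(), "dbm": int(dbm)})
    return rows


def find_evil_twins(rows: list, trusted: dict) -> list:
    """Return every scanned network that imitates a trusted SSID suspiciously."""
    by_norm = {normalize(name): name for name in trusted}
    findings = []
    for r in rows:
        name = by_norm.get(normalize(r["ssid"]))
        if name is None:
            continue  # unrelated network, not impersonating anything we trust
        profile = trusted[name]
        reasons = []
        if r["ssid"] != name:
            reasons.append(f"lookalike SSID {r['ssid']!r} for {name!r}")
        if r["bssid"] not in profile["bssids"]:
            reasons.append("BSSID not in the trusted list")
        if SECURITY_RANK.get(r["security"], 0) < SECURITY_RANK[profile["security"]]:
            reasons.append(f"security downgrade {profile['security']} -> {r['security']}")
        if reasons:
            findings.append({"ssid": r["ssid"], "bssid": r["bssid"], "dbm": r["dbm"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_evil_twins(parse_scan(SCAN), TRUSTED):
        print(f"{f['ssid']:<10} {f['bssid']} {f['dbm']:>4} dBm: " + "; ".join(f["reasons"]))
```

On the constructed scan the two legitimate access points pass, the open "CorpWiFi" on an unknown BSSID is flagged twice (unknown address and security downgrade), and "Corp-WiFi" is flagged as a lookalike. The BSSID check alone is weak, because an attacker can clone a real access point's MAC as easily as its SSID; the downgrade check and an unusually strong signal from a familiar network are the more reliable tells, and on the client side the real defence is to not auto-join open networks and to validate the RADIUS server certificate on enterprise Wi-Fi.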

Gift card scams

Gift card phishing emails trick victims into purchasing gift cards for the attacker. The scam relies on impersonating a trusted sender to convince the recipient to buy gift cards and hand over the card codes rather than send a wire transfer; the codes are spent quickly and are much harder to trace or reverse than a bank payment.

Ransomware

Ransomware encrypts or otherwise locks the victim's files and demands payment in exchange for the key needed to regain access. It is frequently delivered through phishing emails, typically as a malicious attachment or a link to a download.

Spear phishing

Regular phishing sends generic messages to as many people as possible, while spear phishing singles out specific victims. A spear phishing campaign impersonates trusted senders and targets well-researched individuals or organizations with customized emails. According to research on targeted attacks, 65% of the active targeted-attack groups studied relied on spear phishing as their way in.

Phishing Impacts on Organizations

Brand damage

Brand damage occurs when consumers' perception of the brand is adversely affected, usually after a negative experience. When an organization falls victim to a phishing attack, or its brand is impersonated in one, its image and reputation may suffer as stakeholders and customers question the company's ability to protect their sensitive data and manage a crisis.

Business interruption

A business interruption is any period during which a business cannot operate because of an event, resulting in lost revenue and productivity. Phishing attacks can disrupt and even paralyze operations, particularly when they deliver ransomware and access to files is locked until a ransom is paid or the systems are restored.

Drop in share prices

Share prices can drop when a company's reputation and credibility take a hit, for example after a publicized phishing attack that leads investors to lose confidence in the business.

Lawsuits

Lawsuits are legal disputes brought before a court for a decision. Because phishing attacks may expose users' private and sensitive data to criminals, affected users may sue the company that failed to keep their information safe.

Rogue wire transfers

Rogue wire transfers are payments that employees are tricked into wiring to attacker-controlled accounts, typically in BEC scams. According to a report on phishing activity in 2020, the average wire transfer loss from a phishing attack was $80,183.

Settlements

When an organization is sued following a phishing attack, it may choose to resolve the dispute with the complainant by paying a settlement rather than going to trial.

Stolen customer data

Stolen customer data in a data breach is sensitive information associated with customers, including full names, home addresses, dates of birth, marital status, phone numbers, email addresses, and financial details.