Phishing is a fraudulent technique in which cybercriminals impersonate a trusted person or organisation (bank, government department, online service, etc.) in order to obtain or steal sensitive personal information such as login details, bank card numbers, etc.
The 8 main types of phishing
- Phishing by e-mail : the most common method. You receive a fraudulent e-mail that encourages you to click on a link or download a malicious attachment.
- Spear phishing : a more targeted attack. The scammer collects specific information about you to personalise his message and increase your chances of falling into the trap.
- Whaling : a variant of spear phishing, but this time the target is a high-ranking person (CEO, celebrity, etc.).
- Smishing : SMS phishing. You receive a fraudulent text message directing you to a malicious site.
- Quishing QR code phishing. Flashing a fraudulent QR code redirects you to a malicious site.
- Vishing : phishing by voice call. A caller contacts you by telephone to encourage you to divulge confidential information.
- Angler phishing : the attacker poses as a customer service representative on social networks in order to gain your trust and obtain sensitive data.
- The president scam, also known as theFalse transfer order (FOVI) scam The attacker impersonates a company executive to request an urgent bank transfer to a fraudulent account.
New phishing trends
> Phishing based on artificial intelligence Phishing: using AI to create more convincing and personalised phishing messages, thereby increasing the success rate of attacks. AI is also used to duplicate the voice or image of someone trusted, mainly for phishing scams such as the president scam.
💥 Consequences of successful phishing
- Account hacking unauthorised access to online accounts, leading to data modifications or deletions.
- Financial losses fraudulent bank transactions, unauthorised purchases or money transfers to fraudulent accounts.
- Identity theft fraud: using personal information to take out loans, open accounts or commit other frauds in the victim's name.
- Damage to reputation Dissemination of sensitive or compromising information, affecting personal or professional reputation.
👉 Phishing examples
- Smishing A text message claiming to be from your bank informs you of suspicious activity on your account and invites you to click on a link to verify your details.
- Vishing A phone call from someone pretending to be a tax official asking you to confirm your bank details for a refund.
- Quishing A QR code displayed in a public place purports to offer a free Wi-Fi connection, but redirects you to a malicious site that collects your personal information.
How phishing works
- Identity theft Attackers send messages (e-mails, text messages, phone calls) that appear to come from a legitimate source.
- Incentives for action These messages often contain links to fraudulent websites or malicious attachments, encouraging the victim to provide confidential information or download malicious software.
- Gathering information Once the information has been obtained, cybercriminals use it to access accounts, carry out fraudulent transactions or sell the data on the black market.
📊 Phishing statistics
In France
- Email phishing is the 2ᵉ most frequent cyber attack against businesses and associations. Phishing accounts for 21.2% of cyber attacks.
- False payment orders (FOVI) account for 10.2% of cyber attacks.
Source: Cybermalveillance.gouv.fr 2023 activity report, 2024
🌍 In the world
- Volume of attacks In 2023, more than 1.76 billion phishing URLs were sent worldwide, marking a record level and underlining the scale of this threat. Source : Data Security Breach
- Sector targets Financial institutions continue to be the most targeted by phishing attacks, followed by online services and social networks. Source : Techopedia
- Technical developments Cybercriminals are constantly adapting their methods, exploiting world events or technological trends to increase the effectiveness of their attacks. Source : Geekflare
