Don’t take the bait: Recognizing the different types of phishing attacks

Phishing attacks are the #1 threat faced by dental and healthcare providers. More than 90% of data breaches within the sector are linked to phishing, and researchers estimate that this year phishing will make up 80% of healthcare-related cyberattacks.

In this blog, we will explore the various types of phishing attacks, how to recognize them and the steps you can take to protect your data. 

Email Phishing

Phishing attacks occur via email about 96% of the time. Despite being one of the oldest forms of online scams, only one out of seven people can identify a phishing attempt. This is due, in part, to cybercriminals growing increasingly sophisticated, resulting in more believable emails. While you may still receive occasional requests from a “prince” of a faraway land, more often than not, phishing emails appear to come from well-known companies. For example, one of our partners received the email below.

[Image: Metallic IT Phishing Email Attack]

At first glance, it appears to be from Norton, a well-known antivirus and security software provider. Upon further inspection, it becomes more obvious that it is not legitimate.

[Image: Metallic IT Phishing Email]

Norton isn’t the only company that scammers impersonate: Netflix, Microsoft, PayPal, Apple, Amazon; the list goes on. These types of emails are the most common and are widely distributed. However, there are more targeted types of attacks, known as spear phishing and whaling, that focus on specific people.

A criminal carrying out a spear-phishing attempt does so already armed with information about their victim. For example, a person’s:

  • Name
  • Workplace
  • Job Title
  • Email address
  • Details about their role

They address their victim by name, refer to the victim’s job and may claim to be from another company that needs the victim’s services or is requesting information. These emails might also mention colleagues or acquaintances to appear more convincing.

Whaling is a type of cyberattack where threat actors impersonate a business or organization’s leadership. They may send a convincing email to a staff member, claiming to be the person’s supervisor and requesting assistance.

While 96% of phishing attacks occur via email, it certainly isn’t the only avenue being leveraged by cybercriminals.

Angler Phishing

Approximately 3% of attackers use malicious websites; this is often called Angler Phishing.

In these types of attacks, criminals trick victims into sharing sensitive information or downloading malware by cloning websites, creating fake social media profiles or directing users to fake URLs.

Smishing and Vishing

The remaining one percent of attacks are carried out over the phone, by text message or on instant messaging platforms such as Telegram or WhatsApp. In some cases, these attempts are broad and general. For example:

[Image: Metallic IT Phishing Text SMishing]

Other messages are similar to whaling emails, such as this one:

[Image: Phishing Text]

If a text looks questionable or you’re not sure who you’re speaking with, tread lightly. Avoid sharing any sort of personal information, request proof of their identity and end the interaction as quickly as possible.

Protect your patient data

Data is more valuable than ever before, making your practice particularly appealing to criminals. That is why it is not only essential to have spam filters and other cybersecurity measures in place, but also to educate your team about the importance of staying vigilant about data security. We’ve created an infographic that you can use to ensure everyone at your practice can spot a phishing email – click here to download it and share it with your team.
