Understanding the different attack types is critical when it comes to prevention.
1. Phishing
Phishing emails are sent to large numbers of users simultaneously in an attempt to “fish” for sensitive information by posing as reputable sources—often with legitimate-looking logos attached. Banks, credit card providers, delivery firms, law enforcement, and the IRS are a few of the common ones.
A phishing campaign typically sends emails to huge numbers of users. Most of them go to people who don’t use that bank, for example, but by sheer weight of numbers, these emails arrive at a certain percentage of likely candidates.
2. Spear Phishing
This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users. The email goes to one person or a small group of people who use that bank or service. Some form of personalization is included – perhaps the person’s name, or the name of a client.
3. Executive Whaling
Here, cybercriminals target top executives and administrators, typically to steal money from accounts or steal confidential data. Personalization and detailed knowledge of the executive and the business are the hallmarks of this type of fraud.
4. Social Engineering
Within a security context, social engineering means the use of psychological manipulation to trick you into divulging confidential information or providing access to funds. The art of social engineering might include mining information from social media sites. LinkedIn, Facebook and other venues offer a wealth of information about organizational personnel. This can include their contact information, connections, friends, ongoing business deals and more.
The countermeasure to these methods is to stop, think, and investigate. Also, read the email headers to find out if an email is real or fake. To learn how to trace email headers, go to https://support.google.com/mail/answer/29436?hl=en
Once you have the email header, you can analyze it with this tool: https://toolbox.googleapps.com/apps/messageheader/ Just copy and paste the email header into the analyze box, and click on analyze email.
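The checks a header review usually comes down to can also be scripted. The following is an added example, not part of the original article or of Google's tool: it reads a pasted header block, reports the SPF, DKIM and DMARC verdicts recorded by the receiving server, and flags Reply-To or Return-Path domains that differ from the visible From domain. The sample header and all domains in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header block (not a real message); domains are placeholders.
SAMPLE_HEADERS = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: <helpdesk@refunds.test>
To: <user@example.org>
Subject: Urgent: verify your account

"""

def domain_of(value):
    """Return the lowercase domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw):
    """Return a list of warnings found in a raw header block."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain_of(msg.get("From"))
    # The receiving mail server records its SPF, DKIM and DMARC verdicts here.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    if not auth:
        warnings.append("no Authentication-Results header")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        if m and m.group(1).lower() != "pass":
            warnings.append(f"{mech}={m.group(1).lower()}")
    # Replies or bounces routed to a different domain than the visible sender.
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(name))
        if dom and from_dom and dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    return warnings

if __name__ == "__main__":
    for w in check_headers(SAMPLE_HEADERS):
        print("WARNING:", w)
```

A domain mismatch alone is a reason to investigate rather than proof of fraud, since legitimate bulk-mail services often use their own Return-Path domain. Only trust an Authentication-Results header that was added by your own mail provider.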
Remember, when in doubt, it is better to delete than to click.