Phishing 201: Advanced Phishing Techniques

Calendar phishing is when cybercriminals send calendar invites containing links or attachments. Their goal is to get you to click the link or open the attachment, both of which install malware onto your computer. Calendar phishing attempts often look like innocent RSVPs to events or meetings. To avoid calendar phishing attacks, change your calendar settings so that it doesn’t automatically accept invitations and accept invitations only from trusted parties.

Spear phishing is a very targeted attack. Much like actual spearfishing — focusing on one specific fish and catching it with a fishing spear — spear-phishing specifically targets victims using known information, such as their position within a company, hobbies or likes voluntarily shared over social media. With so much information readily available online, it’s very easy for cybercriminals to design very specific and personally tailored phishing emails that are more likely to be successful.

Angler phishing occurs when a scammer poses as a representative of a company’s customer support. This type of scheme got its name from how similar it is to angler fishing techniques in which a stationary fisher repeatedly casts their line and hook into the water, hoping for someone to take the bait. These phishing attempts are typically done by vishing or voice-phishing, but they can also be attempted via email or social media.

Whaling is a type of spear phishing that targets a company or organization’s senior management — the big fish in the sea. The tactic involves offering upper-level officials enticing offers or faked customer complaints. Cybercriminals rely on the fact that senior management can be too busy to properly review a message for the tell-tale signs of phishing.