Phishing, pharming, whaling? Common data attacks and how to prevent them

7 months ago by Andrea Amato

A cybersecurity quest to ensure you and your team are prepared to prevent potentially irreversible data breaches in your jobs in Malta and beyond.


Phishing is a social engineering tactic where an individual's personal information is stolen. Victims receive an email requesting the input of sensitive data through an external source, typically a fraudulent website. These websites are constructed to appear legitimate, and therefore pose a threat to users who work from home and in the office. To prevent a phishing attack, carefully inspect email content: hover over links to see where you are being redirected, and look for spelling errors and generic greetings.


Where phishing communicates via email, pharming uses sophisticated techniques such as disguised DNS servers to claim its victims. Cybercriminals attempt to divert website traffic to other websites with bogus IP addresses (compromised DNS servers). Pharming attacks typically succeed on unprotected computers. In this case, you can prevent pharming by regularly updating your antivirus software and other protective software, and by ensuring that website domains include the secure https prefix.

Spear phishing & Whaling

Spear phishing (an extension of phishing) targets particular individuals or organisations. This is a smart tactic, as cybercriminals personalise emails and mobile messages for the individual(s) they are targeting. A study reported by Jagatic et al. (2007) demonstrated spear phishing to have a 70% success rate. Whaling, also known as CEO fraud, is a form of spear phishing that targets high-profile individuals such as senior executives. As spear phishing presents a more serious form of phishing, employee security awareness training is an important preventative measure, especially for remote jobs. To prevent whaling, further security measures such as multi-factor authentication can help keep sensitive information from getting into the wrong hands.

SMS & Voice Phishing

More recently, cybercriminals have targeted phone numbers, sending individuals messages that include fraudulent links and contact details. With voice phishing, users are asked to call a number (with disguised caller IDs that appear legitimate) and provide personal information. You can avoid SMS and voice phishing by ignoring calls from unrecognised numbers and by not providing personal information over the phone. If you are in doubt as to why a company is trying to reach you, research their contact number and call the entity back to voice any concerns.

This article is from the Castille Quarterly Newsletter | March 2021