Advanced Phishing & BEC
Recognize and defeat spear phishing, business email compromise, and AI-generated social engineering attacks.
Phishing Has Evolved. Have You?
Forget the poorly spelled emails from supposed Nigerian princes. Modern phishing is sophisticated, targeted, and increasingly powered by AI. The days when bad grammar was a reliable red flag are over.
In 2025, phishing attacks caused more initial breaches than any other attack vector, and the attacks targeting individuals and families are more convincing than ever.
Types of Phishing You'll Encounter
Mass Phishing (Spray and Pray)
Generic emails sent to millions of people. These impersonate banks, shipping companies, subscription services, or government agencies. They cast a wide net:
- "Your Amazon order has been delayed - click here to confirm your address"
- "Unusual sign-in activity detected on your Microsoft account"
- "Your IRS refund is ready for processing"
These rely on volume. If 0.1% of millions click, that's still thousands of victims.
Spear Phishing (Targeted)
Emails crafted specifically for you, using information gathered from social media, data breaches, or public records:
- "Hi Sarah, I saw your post about the new house - here's a recommended home inspector" (with malicious link)
- An email that appears to come from your child's school principal about an "urgent scheduling change"
- A message referencing your actual workplace, projects, or colleagues
Spear phishing is dramatically more effective than mass phishing because it exploits context you trust.
Smishing (SMS Phishing)
Phishing via text message. Increasingly common because people trust texts more than email:
- "USPS: Your package cannot be delivered. Update address here: [link]"
- "Your bank: Suspicious transaction of $847.32. Reply YES to confirm or call [number]"
- "Hi Mom, got a new number. Can you text me here?"
Vishing (Voice Phishing)
Phone calls from fake bank representatives, tech support, government agencies, or even family members (using AI voice cloning). These create urgency and exploit the authority of a phone call.
QR Code Phishing (Quishing)
Malicious QR codes placed on flyers, fake parking meters, restaurant menus, or in emails. When scanned, they redirect to credential-stealing websites.
Why Smart People Fall for Phishing
Phishing doesn't exploit ignorance; it exploits human psychology:
- Urgency: "Your account will be suspended in 24 hours" bypasses careful thinking
- Authority: Messages appearing to come from your boss, bank, or the IRS carry implicit trust
- Fear: "Unauthorized access detected" triggers an emotional response that overrides rational analysis
- Curiosity: "Someone shared a document with you" is hard to resist
- Helpfulness: "Can you help me with this?" exploits our desire to be useful
The most effective phishing attacks combine multiple triggers. An email that appears to come from your boss, has urgency, and relates to something you're actually working on is extremely difficult to identify as fake.
The Data That Fuels Targeted Phishing
Attackers build profiles from:
- Social media: Your LinkedIn shows your employer, role, and connections. Facebook reveals family relationships, locations, and interests.
- Data breaches: Previous breaches provide email addresses, passwords, phone numbers, and sometimes physical addresses.
- Public records: Property records, court filings, and business registrations are publicly searchable.
- Corporate websites: Staff directories, org charts, and press releases reveal organizational structure.
The more an attacker knows about you, the more convincing the phishing attempt. This is why limiting your public digital footprint is a defensive measure against phishing.