It’s safe to say that we cover quite a wide array of cybersecurity topics within these Byte articles. But, if there’s one area we keep coming back to, it’s phishing. Why? Because it never stops evolving. Once the bad guys realize their trick isn’t working anymore, they either pull a new one out of their bag or find a way to get the old one working again. 

New angles, new delivery methods, new disguises. 

Phishing isn’t just one trick, though. It’s an entire family. Each member has their own personality and preferred style for wreaking havoc. 

Meet the Family

Here are some of the most commonly encountered variants of phishing: 
Angler Phishing 
Think of this one as phishing’s influencer-wannabe cousin. Angler phishing is all about creating a fake social media persona. The goal of this attack is to get unsuspecting users to provide login information or download malware from a webpage designed to steal their information. 
Evil Twin 
This attack’s namesake is already the perfect metaphor. The bad guys will set up a Wi-Fi network that looks real. When a user connects, they can see everything from login information to personal details.
Smishing 
Smishing is phishing’s Millennial/Gen Z niece. The only way you’ll encounter it is via text message. These attacks often appear as delivery notices, payment alerts, or account issues. They rely on pure urgency, hoping you’ll click their link in a panic.
Vishing 
Vishing is the old-school aunt of phishing. Learning new technology isn’t happening, but that’s why she still has a landline. If you’re contacted, it happens over the phone. Attackers will call, posing as someone else, hoping to charm you into giving up sensitive information. 
Whaling 
Last on our list is the little brother. Tired of living in phishing’s shadow, this attack uses a go-big-or-go-home approach. Whaling targets senior executives who have deep access to the entire operation, meaning that if the bad guys get in, they’re everywhere. 

Why it Matters

No matter the type, most phishing attempts boil down to one goal: They want what you have. The bad guys have a laundry list of tools at their disposal, and no concern for how their goal is achieved. Whether directly acquiring sensitive information like account details and login credentials, or setting a trap with malicious URLs, it’s all dangerous. 

Spam filters and automated tools may help, but they’re far from perfect. Harmful messages can still slip through. When they do, the only thing standing between your dealership and a breach is your team’s ability to catch it. 

Phishing attacks count on human error, but that doesn’t mean you need to be perfect. Here are a few practical ways to build a stronger defense: 
  • Update Systems Regularly 
    Keep your software up to date to reduce potential vulnerabilities.
  • Backup Your Data 
    Encrypt backups and ensure your vendor or provider follows the 3-2-1 rule. Three copies, two types of media, and one offsite.
  • Use Multi-Factor Authentication (MFA) 
    Add extra layers of security to sensitive accounts to prevent unauthorized access. 
  • Enforce Access Controls 
    Apply the principle of least privilege! Limit access to data based on necessity.
  • Segment Your Network 
    Reduce the spread of threats by isolating critical systems and data. 
Awareness and preparation go a long way. The more familiar you become with how phishing works, the more comfortable you can become at spotting the red flags. 

As phishing continues to evolve, tactics will change, and we’ll see new members join the family. But with the right habits, the right tools, and the right training, your dealership can stay a step ahead.