Four main types of phishing
The four main types of phishing are distinct and based on their delivery methods, including via email, text message, phone call, and social media.
1. Email phishing
Email phishing is a cyberattack in which a fraudulent message is sent to an inbox, urging the recipient to click on a link or download an attachment, which allows the attacker to steal sensitive information. Email phishing is usually not targeted at specific individuals but rather is a "bulk attack" with the goal of credential harvesting and gathering as much personal data as possible.
Various types of phishing emails exist, but the most popular are scams that send legitimate-looking emails with a common request. While the email address or domain may appear legitimate, attackers will add or replace characters (e.g., my-account.com instead of myaccount.com), use a trusted business or organization name as the email address (myaccount@host.com), or use subdomains (e.g., myaccount.host.com, which is controlled by host.com, not myaccount.com) to fool people into opening a phishing email and convince them the sender is trustworthy.
Phishing email attacks use different methods to perform data theft, which may include encouraging people to:
- Open a link to a malicious website that installs malware on their device.
- Reply and send their personal data.
- Click links to fake websites and submit personal data.
- Download infected files that deploy malware.
How can you spot a phishing email? Look for common elements like manipulated branding, spelling errors, incorrect names, generic information, fraudulent domain names that look legitimate, fake links, and emails that have a sense of urgency to spur you to open a link or respond. Also, don’t forget to use cybersecurity tools, such as anti-phishing software.
Spear phishing
Spear phishing is a targeted attack on a specific person that typically involves using emails to trick the victim into sharing personal information or login credentials or opening a link to download malware.
Cybercriminals usually have access to personal information about their victims to create personalized messages that convince them to share their sensitive data. The information cybercriminals already have may include:
- Job title
- Full name
- Employer details
Whaling
Whaling, or CEO fraud, is a high-level attack targeting senior management or other roles at the top of a company or organization. It is similar to other phishing types but uses more subtle techniques.
Whaling aims to convince senior-level executives or employees to click on a phishing link that downloads malware or to share sensitive data or login credentials.
Senior employees can be easier targets for cybercriminals because their personal information is often available in the public domain. The attackers use this information to craft an email, such as an invitation with a Zoom link for an upcoming meeting, which downloads malware when opened and allows criminals to steal data and money from a company or organization.
Clone phishing
Clone phishing is a cyberattack where attackers clone real email messages, typically with attachments, and resend them pretending to be the initial sender.
In the new cloned email, the scammer will make minor changes, such as adding malicious links or files that will grant the scammer access to the recipient's personal data.
Attackers have different strategies for clone phishing. For example, some may duplicate a mass email from a popular brand and include a link to download malware. Others may hack an organization's email account to access emails they can duplicate.
2. Smishing (SMS phishing)
Smishing is a phishing attack that comes via text messages on a cell phone. Cybercriminals will send an urgent request encouraging individuals to open a link, contact an email address, or call a phone number provided by the scammer. Victims are usually encouraged to open a link or share personal information like login credentials.
Common smishing examples include receiving an urgent text message or SMS from a postal service, bank, or credit card company. One standard smishing attack is a courier or postal service sending a message that urges you to open a link so they can help deliver your package. The link either contains malware from a cybercriminal or will take you to a page where you input personal data.
3. Vishing (voice phishing)
Vishing is a type of phishing that involves phone calls (often automated) in which scammers pretend to be calling from a trusted organization or business. Most vishing scams involve the scammer telling an individual that suspicious behavior has been picked up on an account and they need help verifying personal details.
Cybercriminals may spoof their phone number to make it seem like they’re calling from the business or organization they claim to represent. They will encourage individuals to share sensitive information and then use it to steal from them.
Common vishing scams attempt to impersonate authority figures calling from Medicare, the IRS, a delivery business, a bank, or a tech support company. During the call, the scammer asks the individual to share personal details, including banking details, Social Security number, and other types of personal data.
4. Angler phishing (social media phishing)
Angler phishing is a different type of phishing that uses fraudulent social media accounts that appear to belong to well-known businesses. This phishing attack aims to get individuals to share personal information or open a link containing malware. Attackers use angler phishing because they know consumers often look for social media accounts to file complaints with or seek assistance.
Phishing types based on technique
Cybercriminals use various methods to target networks or individuals. Below are common attack vectors, including different types of phishing scams and browser-based attacks.
Deceptive phishing
Deceptive phishing, a component of email phishing, is an attack in which criminals use deceptive techniques to spread malware. People receive an email that states that they are already experiencing a cyberattack and that they must click a link.
Examples include receiving fake emails from a bank or technology company with an urgent message to open a link to “fix” a problem. Tools like a link checker can help you determine if links are safe to open, especially when faced with stressful messages related to banking or technology issues.
Pharming
Pharming can fall under “deceptive phishing” and is a more technical attack where attackers manipulate DNS records to redirect users from a legitimate website to a fake one, even if they type the correct address in the browser. Attackers then gather their login credentials to steal information.
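One local form of pharming is a poisoned hosts file, which the operating system consults before it queries DNS, so an entry there redirects a correctly typed address just as a tampered DNS record would. The following Python script, added here as an example and not code from the original article or any vendor, parses a hosts file and reports watched public domains that have been pinned to any address. The hosts-file content, the watched domains and the 203.0.113.45 address (a documentation range) are constructed for the example; on a real machine you would read /etc/hosts or C:\Windows\System32\drivers\etc\hosts instead.

```python
"""Added example (not the page's or any vendor's code): detect local pharming
via a poisoned hosts file. SAMPLE_HOSTS and WATCHED_DOMAINS are constructed."""
import ipaddress

# Constructed: public web domains that should never be pinned in a hosts file.
WATCHED_DOMAINS = {"example-bank.com", "www.example-bank.com"}

# Constructed hosts-file content; the last entry mimics a malware-injected line.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# Legitimate local development entry
127.0.0.1   dev.internal
# Injected entry: sends the bank's hostname to an attacker-controlled address
203.0.113.45   www.example-bank.com example-bank.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping blank lines and '#' comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower().rstrip(".")


def find_hosts_overrides(text, watched=WATCHED_DOMAINS):
    """Return {hostname: ip} for watched domains pinned in the hosts file.

    A public domain should resolve through DNS, so any hosts-file entry for it
    is reported, whether the address is loopback, private or global; the caller
    can inspect is_global on the returned address if it wants to prioritise.
    """
    overrides = {}
    for ip, name in parse_hosts(text):
        if name not in watched:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line; not a valid address, nothing to resolve
        overrides[name] = str(addr)
    return overrides


if __name__ == "__main__":
    for name, ip in find_hosts_overrides(SAMPLE_HOSTS).items():
        print(f"{name} is pinned to {ip} in the hosts file")
```

Run it against the real hosts file by passing the file's contents in place of SAMPLE_HOSTS; an empty result means none of the watched domains is overridden locally, though remote DNS tampering still needs to be checked separately.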
Website spoofing
Website spoofing occurs when a scammer builds a fake website, generally with fake domains, that looks real. Individuals then enter their login details or other personal information, which the attackers harvest. You can protect yourself from phishing attacks by using phishing detection tools like Threat Protection Pro™.
Search engine phishing (SEO poisoning)
Search engine phishing is a technique that causes malicious websites to appear at the top of search engine results. Cybercriminals want to trick individuals into visiting these sites where they may request sensitive data or download malware on people's devices.
Malware-based phishing
Malware-based phishing is a type of cyberattack that uses deceptive practices to encourage individuals to open malicious software. Different types of malware include worms, viruses, trojans, ransomware, adware, keyloggers, rootkits, spyware, and fileless malware.
Calendar phishing
Calendar phishing, also called calendar spam, is a type of phishing where scam artists send fake calendar invites to deceive individuals into opening a malicious link. Attackers often misspell names or use fake email addresses. Calendar phishing is common in the workplace, and employees should know what official meeting or calendar links look like before opening a link.
Pop-up phishing
Pop-up phishing is a common scam that encourages people to click a pop-up and install malware or provide sensitive data. Popular pop-up scams include pop-ups that say your computer is experiencing an attack and may include phone numbers for IT assistance.
Phishing types based on payload delivery
Phishing is a form of cyberattack, and payloads are the elements of an attack that cause harm to a victim. Payloads are commonly embedded into emails, fake websites, or other tools cybercriminals use and then are triggered to steal information or download malware on a victim's device.
Link manipulation
Standard phishing attacks include fake links that look like they’re from legitimate businesses. Link manipulation typically involves misspelled URLs or subdomains that trick individuals into thinking they’re legitimate.
Scammers use various strategies to fool individuals, including creating a fake subdomain for a real organization and making displayed text appear trustworthy. Internationalized domain names (IDNs) may also be used for IDN spoofing or homograph attacks, which allow scammers to build fake websites with addresses that appear legitimate.
Link manipulation is a common phishing type and payload delivery method because cybercriminals can easily add malicious links to emails and text messages.
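The following Python script, added here as an example and not code from the original article or any vendor, checks a link's host for the manipulation tricks described in this section and in the email phishing section above: characters added or replaced (my-account.com for myaccount.com), a trusted name used as a subdomain of an unrelated domain (myaccount.host.com), IDN homographs that show up as non-ASCII letters or punycode (xn--) labels, and display text that disagrees with the real link target. TRUSTED_DOMAINS, the sample URLs and the function names are assumptions constructed for the example; a production version would use the Public Suffix List rather than the two-label shortcut in registrable_domain.

```python
"""Added example (not the page's or any vendor's code): flag manipulated links.
TRUSTED_DOMAINS and the sample inputs are constructed for the example."""
import re
from urllib.parse import urlsplit

# Constructed allow-list of registrable domains the organisation really uses.
TRUSTED_DOMAINS = {"myaccount.com", "example-bank.com"}
HOST_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$")


def registrable_domain(host):
    """Last two labels (fine for .com-style TLDs; real code would consult the
    Public Suffix List so that ccTLDs such as .co.uk are handled)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def to_ascii_host(host):
    """IDNA-encode a host so Unicode homographs become visible xn-- labels."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host  # not valid IDNA; keep the raw host (already flagged as non-ASCII)


def levenshtein(a, b):
    """Edit distance, used to catch insertions/substitutions such as my-account.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_url(url):
    """Return a list of findings about the link's host; empty means nothing suspicious."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    findings = []
    # 1. IDN homograph: non-ASCII letters (e.g. Cyrillic 'о' in place of Latin 'o').
    if any(ord(c) > 127 for c in host):
        findings.append("non-ASCII characters in host (possible homograph)")
    ascii_host = to_ascii_host(host)
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        findings.append("punycode label in host: " + ascii_host)
    reg = registrable_domain(ascii_host)
    if reg in TRUSTED_DOMAINS:
        return findings  # any subdomain of a trusted domain belongs to its real owner
    labels = ascii_host.split(".")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # 2. Subdomain trick: myaccount.host.com is controlled by host.com.
        if brand in labels[:-2]:
            findings.append(f"'{brand}' used as a subdomain of {reg}")
        # 3. Added/replaced characters: within two edits of a trusted domain.
        distance = levenshtein(reg, trusted)
        if 0 < distance <= 2:
            findings.append(f"{reg} is {distance} edit(s) away from trusted {trusted}")
    return findings


def inspect_anchor(display_text, href):
    """Check a link whose visible text may differ from where it really points."""
    findings = inspect_url(href)
    text = display_text.strip().lower()
    shown_host = urlsplit(text if "://" in text else "http://" + text).hostname or ""
    if HOST_RE.match(shown_host):  # the visible text itself looks like an address
        shown = registrable_domain(shown_host)
        real = registrable_domain(to_ascii_host(urlsplit(href).hostname or ""))
        if shown != real:
            findings.append(f"text shows {shown} but link goes to {real}")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; "\u043e" is Cyrillic small o, a Latin-o lookalike.
    for sample in ("https://www.myaccount.com/login", "https://my-account.com/login",
                   "https://myaccount.host.com/", "https://myacc\u043eunt.com/"):
        print(sample, "->", inspect_url(sample) or "no findings")
    print(inspect_anchor("https://www.myaccount.com/login", "https://my-account.com/login"))
```

Each check maps to one trick from the text: the edit-distance test catches character insertion or substitution, the label scan catches a brand name demoted to a subdomain, the IDNA step exposes homographs as punycode, and inspect_anchor catches the "displayed text looks trustworthy" case by comparing the visible address with the href.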
Attachment-based phishing
Attachment-based phishing is a method of social engineering where cybercriminals hide malware or malicious links in email attachments. The attachments often appear to be trustworthy files such as invoices, documents, or advertisements.
Scammers regularly use holidays and current events to build phishing attacks around this type of payload delivery. Common attachment-based phishing examples include gift card or coupon scams.
Many people struggle to determine which email attachments are generally safe to open. Look for giveaways such as misspelled or unfamiliar names, bad grammar, or offers that are too good to be true.
Fake forms
Cyberattackers use fake online forms as one payload delivery method to trick individuals into sharing personal information or downloading malware. Fake forms generally arrive by email and appear to be legitimate forms. Opening the form leaves the user vulnerable to the attack.
Fake forms may come from cybercriminals pretending to work for Microsoft, Google, or other businesses. They can be sent via email or other methods, such as social media channels or text messages.
Quishing (QR phishing)
Quishing, or QR phishing, is a cyberattack where scammers use QR codes to divert victims to malicious websites or persuade them to download harmful material. This type of phishing attack may come via an email, printed flyer, social media, or other physical object, and it utilizes social engineering tactics to encourage victims to scan the QR code.
What are the intentions of phishing?
While phishing typically has one goal — to steal from victims — it has four main subcategories: credential harvesting, financial gain, data exfiltration, and malware distribution.
Credential harvesting
Scammers often use targeted phishing schemes to obtain victims' login credentials to online accounts. This attack is what’s commonly known as credential harvesting. Cybercriminals then use a victim's login information and other personal data to perform fraudulent activities such as transferring money from a victim's account.
Credential harvesting is typically a method for gathering large amounts of data, such as usernames and passwords, without contacting the victims themselves.
Financial gain
Most phishing methods aim to gain victims' financial information. Cybercriminals steal sensitive data, including passwords, credit card details, and bank account information. Attackers then use the sensitive data to steal financial assets.
Data exfiltration
Cybercriminals use phishing techniques to exfiltrate data. Most data exfiltration occurs when attackers steal information from mobile devices or computers and use it to blackmail or demand ransom.
Malware distribution
Another intent of phishing is malware distribution. This type of attack persuades victims to open malicious links, which then download malware onto a device. Malware distribution typically occurs through emails, websites, software downloads, malvertising, and USB drives.