Types of Phishing

Email Phishing

a malicious technique cybercriminals use to trick individuals into revealing sensitive information or clicking on malicious links by impersonating legitimate entities via email.

Spear Phishing

involves sending malicious emails to specific individuals within an organization. Rather than sending out mass emails to thousands of recipients, this method targets certain employees at specifically chosen companies.

Whaling

a type of cyberattack that targets high-profile individuals or executives within an organization, often referred to as “whales” due to their significance within the company.

Smishing

leverages text messages rather than email to carry out a phishing attack. They operate much in the same way as email-based phishing attacks: Attackers send texts from what seem to be legitimate sources (like trusted businesses) that contain malicious links.

Vishing

a type of cyberattack where fraudsters use phone calls to deceive individuals into providing sensitive information or performing certain actions.

Business Email Compromise (CEO Fraud)

a form of phishing in which the attacker obtains access to the business email account of a high-ranking executive (like the CEO). 

Clone Phishing

creating a malicious replica of a recent message you’ve received and re-sending it from a seemingly credible source. Any links or attachments from the original email are replaced with malicious ones. Attackers typically use the excuse of resending the message due to issues with the links or attachments in the previous email.

Evil Twin Phishing

setting up what appears to be a legitimate Wi-Fi network that lures victims to a phishing site when they connect to it. Once they land on the site, they’re typically prompted to enter their personal data, such as login credentials, which then goes straight to the hacker. Once the hacker has these details, they can log into the network, take control of it, monitor unencrypted traffic and find ways to steal sensitive information and data. 

Social Media Phishing

when attackers use social networking sites like Facebook, Twitter and Instagram to obtain victims’ sensitive data or lure them into clicking on malicious links. Hackers may create fake accounts impersonating someone the victim knows to lead them into their trap, or they may even impersonate a well-known brand’s customer service account to prey on victims who reach out to the brand for support. 

Search Engine Phishing

involves hackers creating websites and getting them indexed on legitimate search engines. These websites often feature cheap products and incredible deals to lure unsuspecting online shoppers who see the website on a Google search result page. 

Pharming

involves hackers exploiting the mechanics of internet browsing to redirect users to malicious websites, often by targeting Domain Name System (DNS) servers. DNS servers exist to direct website requests to the correct IP address.