Types of Phishing Attacks
Last Updated : 23 Jul, 2025
Phishing is a kind of cyber attack used to **steal users' information**, including login details and credit card numbers. Many data breaches begin with a scam that seeks to steal people's sensitive information or login credentials, which is a form of phishing. A phishing attack is typically carried out with fake emails and cloned copies of legitimate websites that trick the user into revealing sensitive information.
**Types of Phishing Attacks**
Phishing attacks take many forms, all with the common goal of stealing sensitive information. Through emails, phone calls, text messages, social media and fake websites, attackers use different channels to deceive victims into revealing their personal data. The most common types are described below.
**1. Email Phishing**
**Email phishing** is a cyber attack in which attackers send **fraudulent emails** that appear to come from legitimate sources in order to deceive recipients into revealing sensitive information such as login credentials, financial details or personal data. These emails typically contain malicious links, attachments or requests for action (resetting a password, verifying account information), all designed to steal or compromise the recipient's data.
Email phishing typically targets users in the following ways:
**Impersonation of Trusted Entities:**
The attacker puts the impersonated organization's name in the local part of the sender address, or in the display name shown next to it.
**Example:** an address such as amazon@domainregistrar.com, chosen so that the sender shows up as just "Amazon" in the recipient's inbox even though the domain has nothing to do with Amazon.
Look-alike domain names also rely on character substitutions, such as placing "r" and "n" side by side so that "rn" is read as "m" at a glance.
**Urgency and Threats:**
Phishing emails create a sense of urgency by claiming that immediate action is required, for example to stop the account from being locked or to resolve a security issue, so that the recipient acts before thinking.
**Example:** "Your account has been compromised! Click here to reset your password before your account is locked."
**Malicious Attachments:**
Attackers may send attachments that contain malware. When opened, these files can infect the victim's device with viruses, ransomware or spyware.
**Example:** An email carrying an "invoice" attachment that, when opened, installs malicious software.
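The three tells above (impersonation, urgency, a risky attachment) can be checked mechanically before a message reaches a user. The following Python script is an added example, not code from the original article: it parses a raw email with the standard library, applies those checks plus two that a mail gateway would normally add (a Reply-To pointing at a different domain, and the receiving server's SPF/DKIM/DMARC verdicts from the Authentication-Results header), and scores the result. The brand allowlist, the urgency word list and both sample messages are constructed for illustration.

```python
"""Triage of a raw email for the email-phishing tells listed above: display-name
impersonation, a mismatched Reply-To, failed sender authentication, urgency language
and a risky attachment. Added example, not code from the original article; the brand
allowlist, the header checks and both sample messages are constructed."""
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed allowlist: the sending domains each brand legitimately uses.
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "paypal": {"paypal.com"}}
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|will be (?:locked|suspended|closed)|"
                     r"verify your (?:account|identity)|compromised)\b", re.I)
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".iso", ".lnk", ".docm", ".xlsm", ".html")


def registrable_domain(addr):
    """Naive registrable domain of an address: its last two labels (no public-suffix list)."""
    return ".".join(addr.rsplit("@", 1)[-1].lower().split(".")[-2:])


def triage(raw):
    """Return the sender address, a list of findings and a score (one point per finding)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = registrable_domain(addr)
    local_part = addr.split("@", 1)[0].lower()
    # 1. Brand name in the display name or local part, but a domain the brand does not use.
    for brand, domains in BRAND_DOMAINS.items():
        if (brand in display.lower() or brand in local_part) and sender_domain not in domains:
            findings.append(f"display-name/local-part impersonates {brand}: {addr}")
    # 2. Replies silently routed to a domain other than the one shown in From.
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and registrable_domain(reply) != sender_domain:
        findings.append(f"reply-to domain differs from sender: {reply}")
    # 3. The receiving server's SPF/DKIM/DMARC verdicts; anything but pass is a finding.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech}={m.group(1)}")
    # 4. Urgency and threat language in the subject and body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    hits = sorted({m.group(0).lower() for m in URGENCY.finditer(text)})
    if hits:
        findings.append(f"urgency language: {hits}")
    # 5. Attachments of types that execute directly or carry macros and scripts.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
    return {"from": addr, "findings": findings, "score": len(findings)}


# Constructed sample: the invoice-attachment lure described above.
PHISH = """\
From: "Amazon Support" <amazon@domainregistrar.example>
Reply-To: collections@mail-drop.example
Subject: Your account has been compromised!
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=domainregistrar.example; dkim=none
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Click here to reset your password immediately or your account will be locked.
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Constructed sample of a legitimate notification for comparison.
LEGIT = """\
From: "Amazon" <order-update@amazon.com>
Subject: Your order has shipped
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset="utf-8"

Your order has shipped and will arrive on Thursday.
"""
```

Two caveats for anyone adapting this: `registrable_domain` keeps only the last two labels, so brands on multi-label suffixes such as .co.uk need a public-suffix library (tldextract, for instance) instead; and a score of zero only means none of these heuristics fired, since a spear-phishing mail sent from a genuinely compromised mailbox passes SPF and DKIM.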
**2. Whaling**
**Whaling** is a phishing attack aimed specifically at high-profile individuals within an organization, such as CEOs, CFOs or other executives, with the goal of stealing sensitive company information or getting a fraudulent payment authorized. These attacks are highly targeted and involve extensive research, often using publicly available sources such as social media, to craft a personalized approach for each target. The term "whale" refers to the size of the catch: the target's influence and key role within the company make a successful attack far more damaging than one on an ordinary employee.
A few real-world examples of this attack:
**CEO Fraud:**
An attacker impersonates the CEO of a company and sends a convincing email to the CFO, asking for an urgent transfer of a large sum of money to a foreign bank account. The email is crafted to look legitimate, using the CEO's name and familiar email signature. Because the request seems urgent and comes from the highest authority in the company, the CFO acts quickly and transfers the funds without verifying the request.
Such emails may demand a money transfer or ask the recipient to review documents. Whaling of this kind is also known as CEO fraud, and scams that request employees' tax forms are an increasingly common variant.
**Social Media Reconnaissance:**
An attacker checks a company's executives' social media profiles (LinkedIn, Twitter, etc.) to learn about their upcoming travel plans, company events or personal interests. They then craft a phishing email that references specific details, such as a recent business trip or a project the executive is leading, making the email seem more authentic. The attacker might ask for personal information or prompt the executive to click on a malicious link.
**Snapchat (2016):**
In 2016, Snapchat's payroll department was targeted by an isolated email phishing scam in which a scammer impersonated the Chief Executive Officer and asked for employee payroll information. The phishing email wasn't recognized, and payroll information about some current and former employees was disclosed externally.
**3. Vishing**
Vishing, short for "voice phishing", tricks people over the phone, persuading them to reveal sensitive information. The attackers spoof caller ID so the call appears to come from a real company, or simply impersonate call-center staff.
**Solving a problem with your account:**
The caller impersonates a representative of your bank or another organization you're affiliated with, claiming there is an issue with your account. They might say things like "Your account has been blocked" or "The payment you recently made failed." Using this sense of urgency and panic, the caller then requests sensitive information such as your account number or card details.
**Enrollment scams:**
Attackers impersonate government officials and offer to help you enroll in a program to receive financial assistance. To "complete the process", they ask you to share your account information, which they later use for fraud.
**4. Smishing**
Smishing is a phishing attack that targets individuals through SMS (Short Message Service) or text messages; the term combines "SMS" and "phishing". The text usually includes a link that, when tapped, installs malware on the user's device or redirects to a malicious website.
Smishing is often carried out in the following ways:
**Malware**
The link in the smishing message may trick you into downloading malware that installs itself on your phone. Such SMS malware may look and act like a legitimate app, tricking you into typing in confidential information that it then sends to the attackers.
**Malicious website**
The link may instead lead to a fake site that asks you to type in sensitive personal information. Attackers build these sites to mimic reputable ones, making it easier to steal your information.
**5. Angler Phishing**
Angler phishing takes place on social media platforms, where attackers exploit the fact that companies use these platforms to engage with customers. The attackers impersonate customer service or support teams, reply to dissatisfied customers and direct them to fake, malicious websites under the pretense of helping resolve their issues.
**Fake Customer Support Account:**
An attacker creates a fake customer service account on Twitter, pretending to represent a well-known brand. They reply to a customer's tweet about an issue, offering assistance, and direct the customer to a phishing website that looks like the company's official site, asking for login credentials or payment details.
The victim unknowingly hands sensitive data to the attacker, believing they are dealing with official support.
**Fake Event or Contest:**
Attackers post, or reply to a complaint, claiming the company is running a contest or giveaway. The user is directed to a fake page to "claim their prize", where they are asked to enter personal information such as credit card numbers or social security numbers.
The victim shares sensitive data, thinking they've won a prize; it is later used for fraud or identity theft.
**6. HTTPS Phishing**
HTTPS is the secure version of the HTTP protocol. With growing security awareness, users look for HTTPS (the padlock) in the address bar and feel safer entering data on an HTTPS site than on a plain HTTP one. HTTPS phishing exploits that trust; it is also known as "secure phishing" or "**SSL phishing**".
The attackers follow these steps to carry out the attack:
1. Making a Fake Website:
Attackers build a fake website that resembles the real one, copying the target site's design, language and even URL structure, and register a look-alike domain for it.
2. Getting a TLS certificate:
Attackers obtain an **SSL/TLS certificate** for the fake site's domain so that browsers load it over HTTPS. Certificates are issued by **Certificate Authorities (CAs)**, and the domain-validated certificates used here are cheap or free and issued automatically after the CA checks only that the requester controls the domain; nothing in that process vets whether the site is legitimate, so the attacker needs no false information to get one.
3. Tricking the Users:
Social engineering (phishing emails, texts, social media posts) urges users to visit the site and click on the links the attacker wants them to. Because the link points to an HTTPS site, it also avoids the "Not secure" warning browsers show on plain HTTP pages and is less likely to be blocked by filters that treat encrypted sites as safe, making it easier to reach the target.
4. Data gathering:
When users visit the fake website, they are asked to provide personal information such as **login details, credit card numbers or other personal data**. The address bar shows a **lock icon** next to the URL, because the connection really is encrypted; users read that as proof the site is safe, but the lock only means the browser has an encrypted connection to the domain shown, not that the domain belongs to the organization it imitates.
The attackers then collect the information victims enter and use it for identity theft, stealing money or accessing accounts without permission.
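Since the padlock proves nothing about who owns the domain, the practical check is on the domain name itself, which is also where the "rn" for "m" trick from the email-phishing section lives. The following Python code is an added example, not code from the original article: it reduces a URL to its registrable domain and flags it when a protected brand appears inside someone else's domain, when confusable characters collapse onto the brand, when the domain is one edit away from the brand, or when it uses punycode (xn--) labels that can hide homoglyphs. The protected-brand list and the confusable table are assumptions, and the registrable-domain logic is deliberately naive (last two labels, no public-suffix list).

```python
"""Flag look-alike domains of the kind used in HTTPS phishing: a brand name
embedded in someone else's domain, a confusable spelling ("rn" for "m", "1" for
"l"), a one-character typo, or an internationalized label that needs a human
look. Added example, not code from the original article; the protected-brand
list and the confusable table are assumptions, and registrable-domain
extraction is deliberately naive (no public-suffix list)."""
from urllib.parse import urlsplit

# Assumed: brand domains the organization wants to protect (registrable form).
PROTECTED = {"amazon.com", "google.com", "microsoft.com", "paypal.com"}
# Character substitutions commonly used to imitate a brand; the empty
# replacement for "-" lets "paypal-secure" collapse onto "paypalsecure".
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("-", "")]


def registrable(host):
    """Last two labels of the host; naive, ignores suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def skeleton(text):
    """Collapse confusable sequences so visually similar strings compare equal."""
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, domain): legit, lookalike (with the brand it imitates), idn or unknown."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    host = host.encode("idna").decode("ascii").lower()  # Unicode labels become xn-- labels
    reg = registrable(host)
    if reg in PROTECTED:
        return "legit", reg
    if any(label.startswith("xn--") for label in host.split(".")):
        return "idn", reg  # punycode may hide homoglyphs; needs manual review
    reg_label = reg.split(".")[0]
    for brand in sorted(PROTECTED):
        brand_label = brand.split(".")[0]
        if brand_label in skeleton(host) or edit_distance(reg_label, brand_label) <= 1:
            return "lookalike", brand
    return "unknown", reg
```

The brand-substring rule is intentionally aggressive: a brand's own secondary domains (anything that legitimately contains the brand name but is not in the protected set) will be reported as look-alikes, so in practice those go into the protected set too. The "idn" verdict is a review queue rather than a decision, because a punycode label is not wrong by itself.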
**7. Spear Phishing**
Spear phishing attacks target specific individuals and are carried out after intensive research into the victim's life, work, friends, family and so on, so that the message induces a sense of familiarity and the trap is hard to spot. The information is usually gathered by scraping social media profiles, contact lists and social media interactions. The attack is still delivered by email, but with a tailored, targeted approach rather than a mass mailing.
Spear phishing can be carried out in the following ways:
**Impersonating an Executive for Financial Requests**
An attacker impersonates the CEO and emails the finance department, requesting an urgent transfer of funds to an overseas account, with a fabricated invoice attached.
**Compromised Email Account**
An attacker gains access to an employee's email account and sends phishing emails to colleagues from it, asking them to open a document or click on a link that installs malware. Because the message genuinely comes from a trusted internal mailbox, sender-authentication checks will not flag it.
**8. Pharming**
In a pharming attack, the attackers tamper with name resolution rather than with the user: they compromise a Domain Name System (DNS) server, or change the DNS settings or hosts file on the victim's machine or home router. DNS translates domain names into IP addresses, so once it is subverted, a user who types the correct URL into a browser is sent to a fraudulent cloned website that may look exactly like the original, legitimate one.
It is also known as "**phishing without a lure**", since no deceptive message is needed; "pharming" combines "phishing" and "farming", indicating the large-scale nature of the attack, in which one poisoned resolver harvests every user that depends on it.
The goal of such attacks is to trick users into revealing personal information such as usernames, passwords, credit card details or other sensitive data.
For example:
**DNS Poisoning Attack**
An attacker infects a victim's computer with malicious code that alters the system's DNS settings, or poisons the cache of the DNS server the victim uses. Either way, the victim's browser is directed to a fake banking website even when they type in the correct address (e.g., www.bank.com). The fake website looks identical to the legitimate one and prompts the user to enter their account credentials.
The attacker captures the login information and can then use it for fraudulent transactions or identity theft.
**9. Pop-up Phishing**
Many websites use pop-ups to draw attention to important messages. Attackers place malicious content in pop-ups, or abuse the browser prompt "_www.example.com wants to show notifications_": if the user clicks Allow, the site gains permission to push notifications that carry further scam messages and links, which the user then takes for alerts from the browser or operating system.
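Pharming that works by tampering with the victim's own machine leaves traces in two places that are easy to audit: the hosts file, which the resolver library consults before it ever asks DNS, and the list of configured nameservers. The following Python code is an added example, not code from the original article: it lists hosts-file entries that pin a public name to an address, and nameservers outside an expected set. The internal-zone suffixes, the trusted resolver addresses and both file samples are constructed; on a real host you would read /etc/hosts (or C:\Windows\System32\drivers\etc\hosts) and /etc/resolv.conf and compare against what your DHCP or endpoint configuration is supposed to set.

```python
"""Audit of the two local inputs to name resolution that pharming malware
tampers with: the hosts file (consulted before DNS) and the configured
nameservers. Added example, not code from the original article; the internal
zone suffixes, the trusted resolver list and both file samples are constructed."""
import ipaddress
import re

# Assumed: names that legitimately live in the hosts file, and internal zones.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost",
               "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}
INTERNAL_SUFFIXES = (".local", ".localdomain", ".corp.example")
# Assumed: the resolvers the organization's DHCP/config is supposed to hand out.
TRUSTED_RESOLVERS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.1.53")}


def parse_hosts(text):
    """Yield (line number, address, hostname) for every usable hosts-file mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; the resolver library skips it as well
        for name in fields[1:]:
            yield lineno, addr, name.lower().rstrip(".")


def is_internal(name):
    return name in LOCAL_NAMES or name.endswith(INTERNAL_SUFFIXES)


def audit_hosts(text):
    """Return (line, hostname, address, kind) for public names pinned in the hosts file.
    'redirected' entries send the name to an attacker-chosen address (the pharming
    case); 'blocked' entries point it at loopback/unspecified, usually ad-blocking."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if is_internal(name):
            continue
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((lineno, name, str(addr), kind))
    return findings


def audit_resolvers(resolv_conf):
    """Return nameserver addresses that are not in the trusted set."""
    rogue = []
    for line in resolv_conf.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if not m:
            continue
        try:
            ns = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if ns not in TRUSTED_RESOLVERS:
            rogue.append(str(ns))
    return rogue


# Constructed sample of a hosts file after tampering.
HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
10.0.0.5        intranet.corp.example
0.0.0.0         telemetry.vendor.example   # user blocked this
203.0.113.10    www.bank.example online.bank.example
"""
# Constructed resolver config with one nameserver that is not ours.
RESOLV_CONF = "nameserver 10.0.0.53\nnameserver 203.0.113.53\n"
```

A "redirected" finding for a banking or webmail domain is the local pharming signature and deserves an incident ticket; "blocked" findings are usually the user's own ad-blocking and only need a glance. Neither check sees a poisoned upstream resolver, which needs a comparison of answers from the configured resolver against a resolver you trust.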
**For example:**
A user visits a popular website and, while browsing, a pop-up appears claiming to be a security alert from their bank. The pop-up message says something like:
**"Urgent: Your bank account has been locked due to suspicious activity. To restore access, please click here and verify your identity."**
The pop-up includes a button labelled "**Verify Now**". When the user clicks it, they are redirected to a fraudulent website that looks identical to their bank's official site. The fake site asks the user to enter personal information such as their login credentials, account number and credit card details, which the attacker then steals and uses to access the victim's bank account or commit fraud.
**10. Clone Phishing**
**Clone phishing** copies a legitimate email that was sent earlier in order to trick victims. Attackers obtain a copy of an email from a trusted source (for instance from a compromised mailbox), replace its links or attachments with malicious content and resend it to the same recipients. To make the resend believable, they give a simple reason for why it is being sent again, and they use the usual phishing tricks, such as spoofing the original sender, to make the email look legitimate.
**Clone Phishing Example**
You receive a genuine email from a trusted company, then get the same email again with a note such as "forgot to include the attachment". Trusting it, you click a link or open an attachment, unaware that it is a cloned email carrying malicious content meant to steal your data or infect your device.
**11. Evil Twin**
In an evil twin attack, the attacker sets up a fake Wi-Fi hotspot that copies the name of a legitimate one in order to carry out **man-in-the-middle attacks**. Anyone who connects routes their traffic through the attacker, who can read whatever is not end-to-end encrypted, serve fake login pages and so capture login credentials or personal information.
**Public Wi-Fi at a Cafe:**
You're at a cafe and see two Wi-Fi networks, one named "**Cafe_WiFi**" and another called "**Cafe_WiFi_Free**". The second network is an **evil twin** set up by an attacker who wants to intercept your data. You connect to the "free" network, unknowingly giving the attacker a view of your browsing activity and a chance to capture login credentials and other sensitive data.
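A wireless IDS spots evil twins from exactly what the cafe example describes: a beacon using a known SSID from an access point that is not in the inventory, a known access point suddenly advertising no encryption, or a near-identical SSID such as the "_Free" variant. The following Python code is an added example, not code from the original article; the access-point inventory, the scan results and the SSID-similarity rule are constructed assumptions, and in practice the beacon list would come from a scanner such as `iw dev wlan0 scan` or a WIDS sensor.

```python
"""Evil-twin detection over Wi-Fi scan results: a known SSID advertised by an
access point that is not in the inventory, a known access point offering weaker
security than expected, or a near-identical SSID such as the "_Free" variant in
the cafe scenario above. Added example, not code from the original article;
the AP inventory, the scan results and the SSID-similarity rule are constructed
assumptions, and a real deployment would feed it the output of a scanner."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # "open", "wpa2" or "wpa3" as reported by the scanner


# Assumed inventory of the cafe's legitimate access points.
KNOWN_APS = {
    "Cafe_WiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "security": "wpa2"},
}
# Words attackers bolt onto a real SSID; stripped before comparison.
DECOY_SUFFIXES = ("free", "guest", "fast", "5g", "2", "new")


def normalize(ssid):
    """Lower-case the SSID, drop separators and a trailing decoy word."""
    s = "".join(ch for ch in ssid.lower() if ch.isalnum())
    for suffix in DECOY_SUFFIXES:
        if s.endswith(suffix) and len(s) > len(suffix):
            s = s[: -len(suffix)]
            break
    return s


def find_evil_twins(scan):
    """Return (beacon, reason) pairs for beacons that should not be trusted."""
    alerts = []
    for b in scan:
        for name, ap in KNOWN_APS.items():
            if b.ssid == name:
                if b.bssid.lower() not in ap["bssids"]:
                    alerts.append((b, f"known SSID {name!r} from unknown BSSID {b.bssid}"))
                elif b.security != ap["security"]:
                    alerts.append((b, f"known AP {b.bssid} advertising {b.security} "
                                      f"instead of {ap['security']}"))
            elif normalize(b.ssid) == normalize(name):
                alerts.append((b, f"SSID {b.ssid!r} mimics {name!r}"))
    return alerts


# Constructed scan: one genuine AP, a rogue reusing the exact SSID, the "_Free"
# twin from the cafe example, and an unrelated network.
SCAN = [
    Beacon("Cafe_WiFi", "aa:bb:cc:00:00:01", "wpa2"),
    Beacon("Cafe_WiFi", "de:ad:be:ef:00:01", "open"),
    Beacon("Cafe_WiFi_Free", "de:ad:be:ef:00:02", "open"),
    Beacon("Airport_Lounge", "11:22:33:44:55:66", "wpa2"),
]
```

The security-downgrade branch matters because an attacker can clone the BSSID as easily as the SSID; a known BSSID that suddenly beacons an open network is the stronger signal of the two. For the user in the cafe the equivalent of the inventory is simply asking staff for the network name, and preferring networks that require a password over any "free" twin.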
**Conclusion**
Phishing attacks come in various forms, each designed to deceive individuals into revealing sensitive information such as login credentials, personal data, or financial details. Whether through email, voice calls, social media, or fake websites, attackers exploit trust and urgency to manipulate their victims. Understanding the different types of phishing, including email phishing, whaling, vishing, smishing, and others, is crucial in recognizing potential threats.
Here's a table summarizing the key features of each type of phishing attack:
| **Type of Phishing** | **Description** |
|---|---|
| **Email Phishing** | Attackers send **fraudulent emails** pretending to be from legitimate sources to steal sensitive information. |
| **Whaling** | Targeted phishing aimed at **high-profile individuals** such as CEOs or CFOs to steal company-sensitive data or authorize fraudulent payments. |
| **Vishing (Voice Phishing)** | Attackers use phone calls to impersonate trusted entities and ask for sensitive information such as account details. |
| **Smishing** | Phishing through **SMS**, often with links that lead to malicious websites or malware downloads. |
| **Angler Phishing** | Phishing via social media, where attackers impersonate customer service accounts to lure users to malicious websites. |
| **HTTPS Phishing** | **Fake websites served over HTTPS**, so the padlock misleads users into thinking the site is trustworthy while it collects login details. |
| **Spear Phishing** | Highly targeted phishing using **personalized information** about the victim to make the attack appear legitimate. |
| **Pharming** | Redirects a victim's traffic to a fake website by tampering with DNS or the device's resolver settings, with no lure needed. |
| **Pop-up Phishing** | **Malicious pop-ups** on legitimate websites trick users into clicking links or entering sensitive information. |
| **Clone Phishing** | Attackers replicate a previously sent legitimate email, replacing links or attachments with malicious content. |
| **Evil Twin** | A fake Wi-Fi hotspot that mimics a legitimate network to intercept the traffic and credentials of users who connect to it. |