Most Common Types of Phishing Attacks
and How to Identify Them

1. Email Phishing

Phishing emails top this list as one of the oldest and most commonly used types of phishing attacks. Most attempts use emails to target individuals by pretending to come from a trustworthy sender. Dedicated hackers will copy the exact email format from a legitimate company and include a malicious link, document, or image file that can trick the user into "confirming" their personal information or automatically download malicious code.

How to Identify Email Phishing:

2. Spear Phishing

Spear phishing attacks are a more targeted approach to email phishing that focuses on specific individuals and organizations. Using open-source intelligence (OSINT), criminals can gather publicly available information and target entire businesses or subdepartments. They may trick users into believing the email is an internal communication or from a trustworthy source due to access to personal information.

How to Identify Spear Phishing:

3. Whaling

If spear phishing emails target specific groups or individuals, whaling is the practice of targeting high-level executives. Also known as CEO fraud, whaling attacks are typically much more sophisticated, relying on OSINT, plenty of research into the company's business practices, and even a deep dive into social media accounts. Because the goal is to successfully dupe the executive, the emails are usually extremely fluent in business communications with near-perfect English.

How to Identify Whaling Attacks:

Learn more about whaling attacks here.

4. Business Email Compromise (BEC)

A business email compromise is similar to whaling, but instead of attempting to trick the executive, it impersonates them. Criminals will impersonate or obtain access to an executive email account with decision-making authority and send internal requests to lower-level employees.

In 2014, Omaha-based agriculture company Scoular became a victim of a BEC attack. The corporate controller, Keith McMurtry, received an email from his CEO asking for an immediate wire transfer to acquire a Chinese-based company. The email detailed a lawyer who would be in charge of the transaction, and McMurtry wired in total $17.2 million to an offshore account. However, the email was ultimately fraudulent, containing fake phone numbers and email addresses.

How to Identify Business Email Compromise Attacks:

Learn more about business email compromise (BEC) here.

5. Voice Phishing

Voice phishing, also known as "vishing," is when a scammer calls your phone number in an attempt to steal information or money. New sophisticated technology allows criminals to spoof caller IDs and pretend to be from a trusted source. Typically, the caller will create a sense of urgency to appear authoritative and prevent the recipient from thinking clearly.

Some commonly used vishing attack tactics include:

How to Identify Voice Phishing:

6. HTTPS Phishing

HTTPS (hypertext transfer protocol secure) phishing is a URL-based attack that attempts to trick users into clicking a seemingly safe link. HTTPS is the standard protocol for traffic encryption between browsers and websites and requires TSL/SSL certificates to be enabled. In the past, browsers could detect sites that did not have HTTPS enabled as the first line of protection against cybercrime.

However, hackers now can obtain these certificates for free and add HTTPS to their phishing sites, making it harder to distinguish between what is safe and what is not.

How to Identify HTTPS Phishing:

7. Clone Phishing

Instead of sending fake emails, clone phishing takes a real email sent by an individual or company, copies it to near-identical levels, and resends it to the target with a new corrupted attachment or link. The email will appear as a resend and display at the top of the victim's inbox. In some cases, the phisher will use a fake but similar email, but more sophisticated hackers will spoof the email address to appear as if sent by a legitimate domain.

How to Identify Clone Phishing:

8. SMS Phishing

SMS phishing, or "smishing," is similar to vishing, but instead of calling, scammers will send SMS text messages with links or attachments. Because personal phone numbers are generally less accessible to the public, individuals tend to trust text messages more. However, with today's smartphones, it's just as easy for hackers to steal personal data through text message URLs.

How to Identify SMS Phishing:

9. Pop-Up Phishing

Although most people have an ad or pop-up blocker installed on their web browsers, hackers can still embed malware on websites. They may come as notification boxes or look like legitimate ads on a web page. Anyone that clicks on these pop-ups or ads will become infected with malware.

How to Identify Pop-Up Phishing:

10. Social Media Phishing

Aside from email, social media has become a popular attack vector for phishing attacks. With so much personal information displayed through social media, attackers can easily use social engineering attacks to access sensitive data. Billions of people around the world use platforms like Facebook, Instagram, Snapchat, and LinkedIn to network, which also increases the risk of phishing attempts.

These attacks usually involve a link that can send you to malicious websites to steal important information. In some cases, a scammer will befriend you in an attempt to steal money from you by pretending to be in trouble.

The most commonly used tactics include:

How to Identify Social Media Phishing:

11. Angler Phishing

Attackers can take social media phishing to another level by posing as customer support staff in an angler phishing attack. The scammers will create a fake account and contact a disgruntled user they found through comments or posts on a social media account.

During the interaction, the scammer offers assistance after verifying a few personal details and then provides a link to help resolve the issues. Of course, the link contains malware and the attacker has successfully exploited another victim.

How to Identify Angler Phishing:

12. Evil Twin Phishing

An evil twin phishing attack creates an unsecured Wi-Fi hotspot access point that baits unsuspecting users into connecting. Once connected, all inbound and outbound data can be intercepted, including personal data or financial information. Hackers can also prompt the users to visit a fake website portal in hopes the user will provide valuable authentication details.

Evil twin phishing attacks are most common in public areas with free Wi-Fi, like coffee shops, libraries, airports, or hotels. The best way to prevent becoming an evil twin phishing target is to use a virtual private network (VPN) while using public Wi-Fi.

How to Identify Evil Twin Phishing:

13. Website Spoofing

Attackers will create an entirely fake website in a website spoofing attempt to steal your personal information. A well-made fake website will contain the same elements as the original, including logos, text, colors, and functionality. Finance, healthcare, and social media websites are commonly spoofed because they often contain your most important information.

How to Identify Website Spoofing:

14. Email Spoofing

Email spoofing is when a scammer creates an entirely fake email domain to try and fool users into believing they are legitimate. To avoid detection, the attackers can edit the header of the email to include the name of a legitimate domain in hopes that the targeted user won't check the domain address where it was actually sent from. Because there is no domain verification under the Simple Mail Transfer Protocol (SMTP), so attackers can spoof emails easily.

Phishers can also choose to hide the sender's address to display only the name. They may try to use a real name that the targeted user will recognize so that they'll open the email. When the attacker combines both a real name and the legitimate domain name in the header, it can easily trick unsuspecting users.

Domain spoofing is different from DNS spoofing because it creates an entirely new domain rather than hacking the DNS server.

Learn more about email spoofing here.

How to Identify Domain Spoofing:

15. DNS Spoofing

DNS spoofing attacks (also known as DNS server poisoning or pharming attacks) are a more technical process that requires cybercriminals to hack a Domain Name Server (DNS), a server that translates domain names into IP addresses. When a DNS server is hacked, it can automatically redirect a URL entry to a malicious website under an alternate IP address.

Once the user lands on the corrupted website, one of two things may happen - 1) Malware is automatically downloaded onto the device, or 2) A spoofed website may appear, prompting the user to enter their login information or ask to confirm personal information or credit card numbers.

How to Identify Pharming Attacks:

Learn more about DNS spoofing here.

16. Image-Based Phishing

Image-based phishing usually finds itself in the content of a phishing email. In addition to hyperlinks and malicious URLs, images can also contain links to infected websites. In some cases, the image included may be the only thing in the email that has a phishing intention just to fool users into thinking the email is safe.

How to Identify Image-Based Phishing:

17. Search Engine Phishing

In search engine phishing, scammers create legitimate pages based on high-value keywords and searches to get them ranked on popular search engines, such as Google or Bing. These pages often feature an eye-catching offer to lure unsuspecting users. Once the users land on these pages, they're asked to enter banking information or their SSN. These fake pages often include:

How to Identify Search Engine Phishing:

18. Watering Hole Phishing

Watering hole phishing is a tactic that targets one particular company or group of people by infecting a third-party website they frequently visit. The attackers find and exploit a vulnerability on the website, infect the site with malware, and then bait users by sending emails directing them to the site.

Although this type of attack is less common than the others, once the hackers infect a single user, they can gain access to the entire network and system. Additional site visitors can also become victims, even if they have no relation to the main targeted group.

How to Identify Watering Hole Phishing:

19. Man-in-the-Middle (MITM) Phishing

A man-in-the-middle phishing attack is when an attacker intercepts and alters a communication chain, effectively becoming the "middleman." The attacker then controls the communication flow and is responsible for sending and receiving all messages. While the attacker is intercepting the data, he can manipulate it to gain personal information from both parties.

How to Identify MITM attacks:

Generally, MITM attacks are hard to detect, as URL errors are more likely the result of another phishing method. Network administrators must constantly monitor traffic to detect altered communication. Some signs that should raise red flags are: