What are the most common types of phishing attacks?

Data Online

There are several ways in which nasty criminals can try and gain access to things like your online banking accounts, social media profiles and online shopping accounts, but in the 21st century phishing is by far the most common. You really need to know what phishing is these days, and at Winzum we were nice enough to lay it out all in simple terms here [what does phishing mean].

Unfortunately, however, getting down to the roots of what phishing is isn’t quite this simple, because there are actually a variety of different types of phishing attack that we can all be victim too. Phishing scams do come in a range of different shapes and sizes; so keep reading for some of the most common types.

Email phishing

Chances are most of us would have experienced an email phishing attempt at some point in our lives, mainly because email phishing is by far the most common example of phishing fraud. Criminals will create a fake email address that looks deceptively similar to a genuine company such as Amazon or iTunes, and then send millions of emails to various people with a malicious link inside.

The good news is that email phishing is incredibly easy to spot in most cases; all you need to do is stringently check the email address in question. Additionally, make sure you never click on a link inside a strange looking email from a genuine company.

Spear phishing

Now, spear phishing is a much more sophisticated type of email phishing, and it can be really dangerous if you don’t know what it is. With spear phishing criminals will somehow have got their hands on some personal information about you, such as your job, date of birth and even colleagues names.

They will then use this in a phishing email, however due to the added information it will look a lot more legitimate than just a normal case of email phishing.

Whaling phishing

If you are not a senior employee at a large company you are under no threat of a so-called whaling phishing attack, because this type of phishing is targeted almost exclusively at very important members of various organisations.

However, with that being said, there have been cases where whaling phishing has been used in order to trick junior employees into sending money, for example, because they think that they have been contacted by their actual boss.


Whereas phishing is typically done through email phishing, the rise of instant messaging services over the last couple of decades has resulted in something called smishing too.

This is essentially the same as email phishing, however this time it takes place over platforms like Facebook.


Again, vishing is basically the same as email phishing, but in this case it is done over the phone.

One of the most common vishing scams involves somebody calling you claiming to be a fraud investigator and asking for sensitive personal details. Ironically, however, they are the fraudsters themselves!

Next Post Previous Post