8 Most Common Types of Phishing Attacks
Learn to recognize the most common phishing attacks
Bad actors trying to trick people into giving up valuable information is the common denominator running through all types of phishing attacks. That info can be log-in credentials, personal information, or other sensitive data that criminals can use for identity theft, credit card fraud, account takeovers, or network breaches. Often the communications appear to be from legitimate senders, such as major retailers, banks, or service providers.
- Email Phishing
Attackers send authentic-looking emails designed to trick the recipient into giving up sensitive information or clicking on a link infected with malware. - Vishing
Vishing scams use phone calls to lure victims into giving up personal information or downloading malicious apps on their devices. - Smishing
Smishing criminals deploy fraudulent text messages that appear to be from trusted senders to steal information or deliver malware. - Spear Phishing
This customized attack targets a specific individual using one of the other attack methods. - Social Media Phishing
Bad actors exploit social media with infected posts or befriend victims to gain trust and persuade the victims to give up sensitive info or steal money. - Clone Phishing
Attackers copy legitimate messages and swap out authentic links or attachments with infected ones. - Pop-Up Phishing
Malicious pop-ups often claim there is a security issue with your computer or some other immediate problem to trick user into clicking bad links. - Website Spoofing
Attackers create a fake website that looks like that of a known business and steals login credentials when a victim tries to log into their accounts.
More than 34 percent of employees are prone to opening a suspicious email, clicking on a fraudulent link, or complying with criminal requests to provide sensitive information.
Security training and education are the number one defenses against all types of phishing attacks.
