Here’s a table summarizing the key types of phishing attacks:
| Type | Description | Primary Method | Common Target | Example |
|---|---|---|---|---|
| Email Phishing | Generic fraudulent emails sent to many people | General public | Fake “account alert” from a bank | |
| Spear Phishing | Personalized phishing targeting a specific individual or group | Employees, individuals | Email pretending to be from a known vendor | |
| Whaling | Phishing targeting high-level executives or VIPs | CEOs, CFOs, Directors | “CEO” requesting an urgent wire transfer | |
| Vishing | Voice-based phishing using deceptive phone calls | Phone call | Anyone with a phone | Fake tech support call asking for remote access |
| Smishing | Text message phishing | SMS | Mobile users | “Your bank account is locked—click here to fix” |
| Pharming | Redirecting users to malicious websites | DNS manipulation / Malware | Website visitors | Login page that looks like PayPal but isn’t |
| Clone Phishing | Duplication of a legitimate message with altered links or attachments | Previous email recipients | Resent email with a malware-laced attachment | |
| Business Email Compromise (BEC) | Spoofing or hacking into business email accounts to request actions | Email (Spoofed or Compromised) | Employees, finance departments | Fake invoice from a vendor requesting urgent payment |
| Angler Phishing | Using fake customer support profiles on social media | Social Media | Social media users | Fake support reply on Twitter asking for login details |
| Search Engine Phishing | Creating fake sites to show up in search results | SEO and Malicious Websites | Web searchers | Fake “download” site for common software |