Skip links
5 Types of Phishing Attacks and how to spot them

5 Common Phishing Attacks and How to Spot Them

Phishing attacks are a form of social engineering where a cybercriminal imitates a trusted entity and tricks an individual into opening a fraudulent email, SMS, or instant message. This message is designed to deceive the victim into sharing sensitive information or clicking a link that will run malicious code. In 2022,83% of UK businesses that suffered a cyber attack in 2022 reported the attack type as phishing.. Unfortunately, if these lead to a data breach or ransomware attack, this can be devastating for businesses, and they often result in a loss of customers. The phishing methods that cybercriminals use are becoming more complex, so it is essential to understand these methods to be able to spot them before your business falls victim to a cyberattack.
5 type of phishing attacks to look out for

Spear Phishing

Spear phishing is an attack where the cybercriminal has researched their target and found personal information to tailor the attack to them. This is typically more successful than bulk phishing, as when an email contains personal information, it lowers the target’s guard, making them more likely to open a malicious link or file.

These emails may include the victim’s name, or place of work, imitating a supplier or third-party technical support requiring the user to send their password for security purposes. Spear phishing attempts can be difficult to spot; however, you should always verify suspicious requests in person and never share your password with others.

Phishing Attack
5 type of phishing attacks to look out for


Bulk phishing is the most common form of phishing attack. This is where a cybercriminal sends a large number of fraudulent emails to employees and individuals. Although they are not tailored to the victim, they can be effective as if enough emails are sent, eventually, someone will open one.

Examples of bulk phishing attempts include emails relating to winning a prize, issues with the user’s account, or emails stating that a password has expired and needs to be changed. Some of these can easily be spotted due to the email’s poor grammar, spelling and design; however, others are nearly indistinguishable from an official email. You should always check where an email has come from and look for different spellings of the email address or URLs in the text. It is always safer not to open an email if you are ever in doubt.

5 type of phishing attacks to look out for


Whaling is a form of spear phishing where the attacker targets a company’s executives in order to steal login credentials. This can be devastating for a company, as an executive’s account often has high-level access to the network along with employee and customer data. Threat actors may also use a spear phishing attack to gain access to an employee’s email account then use their account to phish the executive as they are more likely to trust an email from an employee than an unknown individual. It is important for an entire company to be aware and educated about cybersecurity, especially executives, and there should be policies and software in place to avoid high-level employees being phished.
5 type of phishing attacks to look out for

Vishing and Smishing

Vishing, also known as voice phishing, are attacks performed over the phone or VoIP. These are often messages imitating a bank or technical support asking for account information for security purposes. These can be detected as fraudulent as a company never asks for personal information over the phone. Another method of detecting if a call is fraudulent is by checking to ensure the number that has been called is listed on the official company website and not a known scam phone number.

Smishing or SMS phishing is using phone text messaging to mislead or deceive a victim. These can be particularly effective as text messages are more likely to be read and responded to than emails. It is essential to apply the same level of scrutiny to phone calls and text messages that you would an email, as it is just as dangerous of an attack vector.

91% of all cyber attacks start with an email

Protect your business today from email bourne threats by contacting one of our team. We can arrange a free threat scan to see what might lurk in your inbox!

0121 289 3434

[email protected]
Email Protect
By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. More about Cookies