Types of phishing

  • Writer: Ferdinent Fernandez
  • Jun 22

Recent advancements in AI have not only refined phishing but also introduced a new threat vector: agentic AI. This evolution allows cybercriminals to conduct autonomous, self-improving attacks that adapt over time.


Key Trends and Changes in the 2024 List

1. Email Phishing (Traditional Phishing)

🔹 Attackers send fake emails pretending to be from legitimate organizations (banks, social media, or IT support).

🔹 The email contains a malicious link or attachment that steals login credentials or installs malware.


Example: 📧 "Your bank account has been locked. Click here to verify your identity."

How to Avoid:

  • Check the sender’s email address carefully.

  • Never click on suspicious links; hover over them to preview the actual URL.


2. Spear Phishing

🔹 A targeted attack against an individual or organization.

🔹 Attackers use personalized details (name, job role, or company info) to make the email seem legitimate.


Example: 📧 "Hey [Your Name], I need your help with a financial report. Please review the attached file. – [Fake CEO]"

How to Avoid:

  • Verify requests for sensitive information via phone or in person.

  • Watch for urgent or unusual requests, especially those involving money or credentials.


3. Whaling (CEO Fraud)

🔹 A form of spear phishing that targets executives, CEOs, and high-profile employees.

🔹 Attackers impersonate a senior executive and request urgent actions like wire transfers or data access.


Example: 📧 "This is the CFO. Transfer $50,000 to this account immediately for an urgent deal."

How to Avoid:

  • Verify high-risk requests through another communication channel.

  • Implement financial transaction approval policies requiring multiple approvals.


4. Smishing (SMS Phishing)

🔹 Phishing through text messages (SMS) instead of emails.

🔹 Messages often contain fake security alerts, prize notifications, or delivery updates.


Example: 📱 "Your package delivery failed. Click here to reschedule: [Malicious Link]"

How to Avoid:

  • Don’t click on links in unexpected texts.

  • Contact the company directly through official numbers.


5. Vishing (Voice Phishing)

🔹 Attackers use phone calls to trick victims into revealing sensitive info.

🔹 Often disguised as bank representatives, tech support, or even law enforcement.

Example: 📞 "This is your bank. We detected fraud on your account. Confirm your card number now!"


How to Avoid:

  • Hang up and call the company directly using their official number.

  • Never share PINs, passwords, or OTPs over the phone.


6. Angler Phishing (Social Media Phishing)

🔹 Attackers pose as customer support agents on social media.

🔹 They trick users into sharing account details through fake help requests.


Example: 💬 "Hello, this is PayPal Support. Please DM us your account details to fix the issue."

How to Avoid:

  • Only contact support through verified accounts.

  • Never share sensitive info via social media DMs.


7. Clone Phishing

🔹 Attackers copy a legitimate email and resend it with malicious links or attachments.

🔹 The sender appears familiar, making it easier to deceive victims.


Example: 📧 "Here’s the updated invoice you requested" (fake email replacing a real one).

How to Avoid:

  • Always verify with the sender before clicking on new links or files.

  • Look for small changes in sender addresses or email formatting.


8. Search Engine Phishing (SEO Poisoning)

🔹 Attackers create fake websites that appear in search results.

🔹 Victims land on these sites and unknowingly enter their credentials.

Example: 🌍 Fake banking website at the top of Google search results.


How to Avoid:

  • Always type the official website address manually.

  • Check for HTTPS and verify the domain name.
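
The advice in sections 1, 7 and 8 to check the sender's address, look for small changes in it and verify the domain name can be partly automated. The sketch below is an added example, not part of the original post; the allowlist, the function names and the sample headers in the usage note are constructed for illustration.

```python
import difflib
from email.utils import parseaddr

# Constructed allowlist of domains the organisation really deals with (assumption).
TRUSTED = {"example-bank.com", "paypal.com"}

# Small illustrative map of digit-for-letter swaps seen in lookalike domains.
SWAPS = str.maketrans("0135", "oles")

def skeleton(domain):
    """Collapse common visual substitutions so lookalikes compare equal."""
    s = domain.lower().translate(SWAPS)
    return s.replace("rn", "m").replace("vv", "w").replace("-", "")

def check_sender(from_header):
    """Return (verdict, reason) for the value of a From: header."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ("suspicious", "no parsable sender address")
    # Exact match or a genuine subdomain of a trusted domain.
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return ("trusted", domain)
    # Internationalised labels can hide look-alike characters.
    if any(label.startswith("xn--") for label in domain.split(".")):
        return ("suspicious", "punycode label in " + domain)
    for t in sorted(TRUSTED):
        brand = t.split(".")[0]
        # Trusted name used as a prefix of an unrelated registered domain.
        if t in domain:
            return ("suspicious", f"{t} embedded in unrelated domain {domain}")
        # Small edits: swapped characters or near-identical spelling.
        ratio = difflib.SequenceMatcher(None, domain, t).ratio()
        if skeleton(domain) == skeleton(t) or ratio >= 0.85:
            return ("suspicious", f"{domain} resembles {t}")
        # Display name claims a brand the address does not belong to.
        if brand in display.lower().replace(" ", "-"):
            return ("suspicious", f"display name claims {brand}, sent from {domain}")
    return ("unknown", domain)
```

For the constructed header `Example Bank <alerts@examp1e-bank.com>` this returns a "suspicious" verdict because the domain resembles example-bank.com. A "trusted" verdict only means the address looks right; the From header itself can be forged, so this check complements sender authentication rather than replacing it.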


9. Evil Twin Attack (Wi-Fi Phishing)

🔹 Attackers create a fake Wi-Fi hotspot with a familiar name (e.g., "Starbucks Free Wi-Fi").

🔹 When users connect, the attacker steals login credentials and data.


How to Avoid:

  • Never enter passwords on public Wi-Fi.

  • Use VPNs when connecting to public networks.


10. Watering Hole Attacks

🔹 Attackers infect a trusted website that employees of a specific company or industry frequently visit.

🔹 The website delivers malware or phishing exploits to visitors.

Example: 🌐 Hackers infect an industry forum that employees of a financial company frequently visit.


How to Avoid:

  • Keep your browser and plugins updated.

  • Use DNS filtering to block malicious websites.
