The Five Types of Phishing

Phishing: you may have heard of it. In the early days, it was Nigerian prince scams and Trojan viruses. Nowadays, they’ve added ransomware and spoofing to the mix.

Cybercriminals are constantly evolving their tactics, so you should be aware of what’s out there. By learning about phishing, you can fight against it better along with the help of phishing protection services.

Here are the five main types of phishing cybercriminals use, so you know how to prevent phishing emails in first place.


In a smishing attack, you’ll receive a compelling t text message on your phone. The main purpose is to get you to click on either a spoofed or malicious link. With phishing prevention tips you can avoid this completely.

If it’s a spoofed link, it’ll look like whatever company the scammer claims to be. Because of your familiarity with the real site, you’ll put in your username and password. Once they have your information, cybercriminals will then try this combination on various websites to try and gain access to your accounts.

If it’s a malicious link, it’ll start downloading malware onto your phone. It can look like a legitimate program, so you’ll trust it and type in your sensitive information, such as your Social Security Number.


Vishing is phishing done through “voice.” It’s a more basic type of phishing since all it involves is a phone call. The cybercriminal will either impersonate a person of authority or leave you a message with an automated recording.

The intention of vishing is to scare you into taking action. Most vishing scams involve urgent messages claiming that an important account (such as a bank account) has been compromised.

Search Engine Phishing

If vishing is simple, then search engine phishing is sophisticated. Cybercriminals do SEO research and create web pages, so they rank high on Google. That way, their fake website will have a higher chance of clicks.


Spear phishing

While regular phishing ”casts a net,” spear phishing narrows in on one target. This can be either a person or an organization. Cybercriminals research their targets extensively to gain their trust. Tactics are passing off as close friends and family or writing very convincing phishing emails based on the information found in their research. Learn how to stop phishing emails so you do not be a victim of spear phishing.


Whaling is when spear phishing happens to a high-level person in an organization. Whaling most often happens to corporate level workers, such as CEOs and CFOs.

Cybercriminals go after these targets, not for their personal information, but rather, the organization’s sensitive details. The scammers can then gain trade secrets they can sell.

Learn more about phishing prevention best practices to overcome all types of phishing attcks.

Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:

All Plans Come With

  • Stops business email compromise (BEC)
  • Stops brand forgery emails
  • Stop threatening emails before they reach the inbox
  • Continuous link checking
  • Real-time website scanning
  • Real time alerts to users and administrators
  • Protection with settings you control
  • Protection against zero day vulnerabilities
  • Complete situational awareness from web-based console

Join 7500+ Organizations that use Phish Protection

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes