Types of Phishing

March 22, 2021

1:00-2:00AM PST

Every cyber-attack and online security breach seems to start with a phishing attack to steal sensitive information, dupe someone into downloading malware, or perform fraudulent transactions.  According to a 2020 Data Breach Investigations report by Verizon, phishing is among the leading threats associated with security breaches. Companies often ask employees to beware of phishing attempts, but many people don’t know how to identify such threats.

Proofpoint’s 2021 State of the Phish Report reveals that 74% of US businesses experienced a successful phishing attempt in 2020. Hackers evolve their techniques over time, requiring the constant evolution of security techniques as well. One of the best ways to upgrade security is to contact the Number One email security agency, Trustifi. Trustifi’s system provides an extra layer of security to the user’s ordinary emails. 

Of course, not all phishing attacks work the same way. From mass email phishing to smishing,  the following types of phishing attacks should be on every organization’s watch list.

Mass Email Phishing

Mass email phishing is the most common  attack and has been around for ages. In this type of phishing, the attacker blasts an email to a multitude of addresses. The email usually prompts the user to click  immediately on a link or URL, otherwise their account will be compromised. 

Such attacks are often easy to recognize because the English level in the message body isn’t professional. Some fake messages, however, can be hard to spot when the English and grammar are almost perfect.  So, another way to spot a phishing message is to check the sender’s address on the email and the URL on which the user is supposed to click. If the sender’s email address does not come from an authentic domain, or if the URL address doesn’t represent a legitimate company’s website, the recipient can know they are being phished.

Spear Phishing

Spear phishing is targeted phishing. The imposter uses personal information in the attack to make the victim believe they are personally related to the sender. The purpose of spear phishing, though, remains the same as mass email phishing, namely, to deceive the user into clicking on malicious URLs or attachments.

Spear phishing depends mainly on obtaining personal information about the recipient. Users should be cautious, therefore, about posting personal information on the internet.


Whaling is an even more sophisticated type of spear-phishing as it also targets a specific victim. Instead of small fish, however, it targets the big fish. Whaling goes after the C-level officers within a company, e.g., The CFO or the CEO. An example of Whaling would be an executive receiving an email that their organization is being sued and they must click the URL to get more details of the situation. The URL redirects them to a fake page where the victim may enter their sensitive company data such as Tax ID number and bank account number.   


Smishing is phishing that uses SMS text messaging to gain the user’s attention. A typical smishing message includes a phone number to call or a URL to click. A common example is receiving an SMS text that looks like a legitimate message from the user’s bank telling them to call immediately, otherwise their account could be compromised. When the user calls the bogus number, the perpetrator asks the victim to provide their bank account number, social security number, or PIN.


Vishing is similar to other phishing attacks in that the attacker’s goal is to get the victim’s sensitive information or personal data. Vishing differs, however, because it happens through a voice call. An example of vishing is getting a call from the perpetrator posing as a Microsoft agent worried about the user because they seem to have a virus on their PC. The victim gives the fake agent their credit card information to install an updated version of antivirus software on their PC. The perpetrator now possesses the user’s credit card details and can exploit them to cause all kinds of mischief.

This article summarizes phishing attempts that companies face. Perpetrators are always coming up with the new techniques and approaches to scam the user, and they seem to have infinite resources. Trustifi’s anti-phishing services provide reliable security to the user and the company. Contact Trustifi today to learn how simple and affordable adding security to your email system can be.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization