12 Types of Phishing Attacks and How to Identify Them | EasyDMARC

12 Types of Phishing Attacks and How to Identify Them

8 Min Read

Phishing is a common type of cyberattack that poses threatening risks. In 2020, 75% of organizations experienced phishing attacks, and according to an ESET report, email-based attacks increased by 7.3% between May and August 2021.

Phishing attacks are considered a social engineering technique to steal victims’ sensitive data, such as login credentials, personal details, and credit card numbers.

For example, cybercriminals may impersonate a legitimate entity and use fraudulent websites to trick users into revealing their personal information.

Therefore, it’s crucial to practice security awareness to minimize the risk of falling victim to phishing attacks. We’ll explore 12 types of phishing attacks and share some helpful tips to identify them.

1. Email Phishing

Email phishing or deceptive phishing is a popular type of cyberattack in which attackers attempt to steal their victims’ sensitive information via email. The emails will often contain a malicious link that redirects users to a phishing web page. The attackers might also attach an unknown document containing malware.

There are several indicators to identify phishing emails:

  • Personal information request: A legitimate company or institution won’t request users’ personal information via email.
  • Unofficial email domain: A trusted organization should have an official email domain that matches the organization’s name. That said, attackers might use a public email domain or one that looks similar to an official email domain.
  • Malicious links: The message may include a link with a URL that looks similar to a legitimate organization’s website URL.

2. Smishing

Smishing or short message service (SMS) phishing is similar to a phishing email. The difference is that the attacker uses a text message to trick users into clicking a given link or making a phone call.

You can identify smishing by checking the following signs:

  • Unidentified phone number: Attackers use  unlisted or unknown phone numbers to deliver the message to their victims.
  • Personal data request: Attackers try to convince users to provide sensitive information.
  • Unsolicited link or code:The text message includes malicious code or unknown links.

3. Spear Phishing

Spear phishing uses email to steal confidential information by targeting a particular individual or organization. A spear-phishing attack is more advanced than email phishing scams, as the cybercriminal researches the target before initiating the attack.

There are several indicators to help users recognize spear phishing attacks:

  • Malicious attachments and links: The email contains an attachment the user hasn’t requested or a link that redirects to a malicious website.
  • Suspicious email format: The email format doesn’t match previous ones from the official organization. For example, it uses unusual phrases or has a sense of urgency.
  • Unusual requests for sensitive information: The sender forcefully requests the targeted user to reply and provide login details or other confidential information.

4. Pharming

Pharming is short for phishing and farming—a phishing attack that involves malicious code and a fake website. Pharming exploits victims’ internet browsing by corrupting the domain name system (DNS). The attacker uses DNS poisoning to modify the DNS table, which causes users to unknowingly visit malicious websites instead of legitimate ones.

Here are three signs of a pharming attack:

  • The web browser redirects to a fake website: Users are redirected to a phishing web page when they try to access an official website.
  • The website doesn’t use an encrypted connection: Instead of using HTTPS, the fake website uses HTTP.
  • The website contains suspicious elements: There may be spelling errors or unusual content. Other website elements, like colors and fonts, can also look off.

5. Vishing

Vishing or voice phishing is a phone call scam to trick victims into sharing their personal information. Cybercriminals use various approaches, like warning users that their account has been compromised or announcing that the targeted user has won a type of reward or lottery.

Users can identify a vishing attack by paying attention to the following signs:

  • The caller claims to be a legitimate entity: They impersonate legitimate institutions, such as banks, companies, or government agencies.
  • The attacker requests users’ personal information: Victims are asked to confirm their identities, such as name and birth date, to make them think that the caller is from a trusted organization.
  • The phone number has an unidentified area code: The caller’s number is unrecognized or has a different country code.

6. Angler Phishing

Angler phishing is a new phishing scam that targets social media users. The attackers disguise themselves as a social media platform’s customer service agent to obtain the targeted users’ account credentials.

The following tips can help identify angler phishing:

  • Check whether the account is verified: A verified account on a social media platform, such as Instagram, has a small checkmark icon next to the account name.
  • Be careful of any shortened links: If the account sends a message containing a shortened link, check whether the link is valid. Otherwise, we recommend not opening it.
  • Contact the official customer support team: Inform the platform’s legitimate support team for further investigation.

7. HTTPS Phishing

In an HTTPS phishing attack, cybercriminals use email to send a link redirecting users to a fake web page. In the email, the attackers convince users that the site is official and secure. For instance, victims may recognize that the link uses HTTPS.

The following two indicators might be helpful to identify HTTPS phishing:

  • Hyperlink: The attacker uses a hyperlink to hide the original URL. Examine the full URL by hovering your cursor over the given link.
  • The sender’s email domain: Checking the email domain can inform users whether the sender is from a legitimate entity or not. 

8. CEO Fraud

A CEO fraud attack or Business Email Compromise (BEC) targets employees by impersonating the CEO or high-level executives. The purpose is to steal confidential information such as the company’s tax returns documents, payroll information, or bank account details.

There are several indicators to identify this type of cyber attack:

  • A request to share confidential information: The attackers usually ask their victims to divulge sensitive information by replying to the email or clicking a malicious link.
  • A sense of urgency: The tone in the email body sounds forceful—asking the targeted user to act quickly. Sometimes, attackers use threats if the request isn’t  fulfilled immediately.
  • An unmatched email address: The attackers’ email address doesn’t match the legitimate one.

9. Clone Phishing

A clone phishing attack uses and copies emails from official service providers or companies in an attempt to steal users’ personal information. The attackers alter the emails by replacing or adding links that redirect to phishing sites.

Since clone phishing is similar to regular phishing emails, here are several ways to identify it:

  • Check the sender’s email address: Ensure that the email domain matches the legitimate email address.
  • Hover over the link in the email: Make sure the URL is an exact match with the official site’s URL.
  • Compare the email format: The email format should be the same as ones used by the official company or service provider.

10. Pop-Up Phishing

A pop-up phishing attack infects websites with malicious code, so a pop-up message appears whenever users visit them. These messages redirect users to phishing websites if they click on them. For example, a pop-up message may warn users about a security issue and request them to download a tool to fix the problem.

Pop-up phishing can be identified by carefully examining the following signs:

  • The link contains an unknown URL: Investigate the link by checking the long format of the URL. Malicious links usually contain unrecognized or unusual domain names.
  • The pop-up message asks users to take action: For example, it prompts users to click on the button or given link.

11. Evil Twin Phishing

Evil twin phishing is similar to a hack attack, where the attacker uses a fake Wi-Fi network to impersonate a trusted access point. This phishing scam often occurs in public areas, where businesses hey provide a free Wi-Fi hotspot to visitors.

There are several signs to recognize this type of phishing attack:

  • It appears as “unsecured”: Users get a notification that the network isn’t secure.
  • It redirects users to a suspicious login page: Once connected to the fraudulent network, it redirects users to a fake web page requesting the users’ login details.

12. Watering Hole Phishing

Watering hole phishing targets a specific organization by infecting websites usually used by the employees and luring them to a malicious site. The purpose is to gain remote access to the organization’s network and steal sensitive information, like financial files or login credentials.

If a watering hole attack compromises a website, there are several indicators:

  • The web browser redirects users to a suspicious site: Users are redirected to a different web page when clicking on the visited web page’s links.
  • The website asks users to download an unknown file: If opened, this file will install malware into the user’s operating system, allowing the attacker to gain remote access.


To sum up, phishing attacks are deceptive and can be easy to miss. If unsuspecting users fall for phishing scams, they risk exposing and losing valuable information, such as personal and financial details.

It might be hard to spot a phishing scam immediately, but you can avoid it by carefully examining the indicators of each type of phishing attack. Use our phishing link scanner to identify malicious domains.

This article covered 12 types of phishing attacks and various tips to recognize them. Remember to  stay vigilant!

Various authors from EasyDMARC teams have contributed to our blog during company's lifetime. This author brings everyone together.


Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us