Phishing attack at a glance
According to Verizon’s Data Breach Investigations Report 2019, phishing was directly and indirectly the cause of about one-third of all data breaches and violations in 2019. Cyber-criminals do not seem to be relenting: phishing scams become more innovative with every passing day, and businesses and individuals are becoming the targets of new strategies and overwhelming attacks.
In this article, we shall discuss 5 of the most common phishing attacks.
1. Email Phishing
Almost every phishing attack is conveyed via email. Cybersecurity expert Avanan reports that 1 in every 99 emails is a phishing attack; they further assert that one in 25 branded emails is a phishing email. Email phishing seems to be one of the phishing methods most utilized by cybercriminals.
Criminals usually register a fake domain that imitates a legitimate organization and use it to send large volumes of email to many people, with the aim of misleading them and maliciously obtaining personal information. Avanan further reports that 83% of people have received a phishing email.
2. Spear Phishing
Spear phishing can be sub-categorised under email phishing. However, unlike email phishing, where messages are sent randomly to different email addresses, spear phishing is more direct and targeted at a specific person or group of people. Here the attacker sends targeted messages that the potential victim can relate to, using either work or other personal information as a decoy to obtain further information.
The SANS Institute reports that 95% of successful attacks on enterprise or business networks are the result of spear phishing. A survey reported by Infosecurity revealed that spear phishing was responsible for 38 percent of cyber-attacks on businesses.
Spear phishing is the most used phishing tactic. Its high success rate can be attributed to the direct and personal approach employed by attackers.
3. Whaling
Whaling attacks are not so different from spear phishing, except that they are more targeted and specific. Whaling targets the C-suite staff of organizations or other high-level people, including those in top-management positions.
Cyber criminals use whaling attacks to gain sensitive personal and financial information specific to an organisation. Whaling often results in huge financial losses and data breaches for organisations.
4. Phone Phishing
Phone phishing is not as common as email phishing; however, it has become more popular in recent times. Phone phishing can be further sub-divided into Vishing and Smishing.
- Vishing: This is a kind of phone phishing that involves a phone call. Here the phisher calls you on the phone pretending to be someone they are not. They could claim to be the police or your account officer and then ask you to disclose some personal information, such as credit card details. Note: Your bank or any other authority will never request sensitive information unexpectedly over a phone call.
- Smishing: This is a phishing attack sent via SMS. It is one of the easiest phishing tactics, with a growing occurrence rate. A smishing attack often conveys a link to victims via SMS. Upon opening this link, the victim is redirected, via the mobile phone’s default internet browser, to a cloned web page where sensitive information is requested.
5. Clone Phishing
In the clone attack, the phisher or criminal, who must have hacked into a communication channel (most likely an email account), makes a clone of exchanged messages. They then alter sensitive details in the message and resend it to the unsuspecting receiver. Clone phishing attacks often lead to cases of fraud involving huge amounts of money.
Phishing attacks are on the rise and are becoming a serious threat not just to individuals but also to organizations and governmental bodies. It is important to be aware that email messages might not be coming from the assumed sender. Whenever a message looks suspicious, use a different avenue to verify it.