The five most common Phishing attacks

1900X290 Website Banner no copy

Simply put, ‘Phishing’ is the sending of fraudulent messages designed to trick recipients into revealing sensitive information or inadvertently deploying malicious software on their systems. Attacks are becoming ever more sophisticated as aptly named ‘Bad Actors’ (cybercriminals) seek to use workplace and socially pressured situations to make us do something we shouldn’t.

Although we’re well aware of the numerous scams and threats, criminals play the ‘numbers game’ and many are caught out as millions of people and organisations are targeted every day. And once access has been gained, attackers will spend a considerable amount of time planning an attack from within.

The five most common Phishing tactics that we should all be aware of are:

Email Phishing

Using email as the main method of contact is perhaps the most common method of phishing as it continues to dominate corporate communications. Criminals use fake emails and domain names by cleverly substituting and disguising characters in the email address, such as using characters from the Cyrillic alphabet that looks very similar.

Being on the alert for fake emails and messages of all types is essential, and you should always check the message sender details - especially if you are being asked to do something you were not expecting. Criminals hope that in our time pressured world, victims will hurriedly and carelessly click on malicious attachments or links when prompted.

Spear Phishing

This is more targeted phishing activity to steal information such as account credentials and financial information from more specific victims. Criminals try to obtain information about friends, places of birth, employers, recent purchases, hobbies and interests, and by disguising themselves as a trustworthy source with believable approaches, they try to acquire sensitive data from a more targeted audience, in contrast to random phishing activity. Spear phishing criminals invest more time, planning and effort in their activity in the belief that more lucrative outcomes can be manipulated.


Further along the cycle we find more advanced and sophisticated phishing attacks that are known as Whaling or Whale Phishing. These attacks are more targeted than spear phishing and typically focus on senior executives and more powerful, wealthy and prominent individuals. Although the end goal of whaling is the same as other types of phishing, the techniques tend to be more subtle. Victims of a whaling attacks are generally considered to be ‘big phish’ or whales. Attackers masquerading as CEOs and other c-suite executives rely on an individual’s power in an organisation to ask employees to take some action. It could be a 5pm Friday email from the CEO to a finance manager, asking them to urgently make a payment to a supplier that must be done that day. Or an instruction from the HR Director asking employees to update their information by completing the details on the link provided.

Bogus tax return scams are also a common form of whaling. Such returns contain valuable information including names, addresses, national insurance numbers and bank account information.

Smishing and Vishing

Smishing and vishing attacks use phones as their method of communication and attack. Smishing is the sending of text (SMS) messages, and operates in a similar way to email phishing. With business mobiles and smartphone access to the internet, malicious links and websites can cause as much this way as with corporate laptops – the end result is often the same. Vishing is probably the oldest form of attack and involves a telephone conversation. They are essentially the scam phone calls of old, and during and since Covid, the number of finance related attacks has grown exponentially as criminals pose as bank helpdesks and security departments, calling to help customers with issues and problems relating to their card or account.

Angler phishing

The rise of social media has led to this latest method of online cybercrime with attackers masquerading as the face of many companies that people may want to contact. Use of social media as a way to contact organisations about customer service issues has become very popular as it typically reduces the need to queue on the phone for long periods of time to speak to the right department. Fear of an adverse and highly visible public relations storm prompted many companies to invest in social media customer service, and criminals have been quick to exploit this. Users contact companies through social media can be intercepted by cyber criminals and fake links, cloned websites, posts, and tweets are all used to persuade people to divulge sensitive information or download malware. ‘Too good to be true’ retail offers on social media are also highly prevalent with bogus sites offering expensive goods at knockdown prices to unsuspecting shoppers.

Organisations can protect against attacks and the consequences of phishing by working with security partners to ensure they always have the latest and most advanced methods of protection. Whilst employee awareness and malware protection remain essential, email safeguards and brand security measures provide assurance against domain impersonation and spoofing attacks.

Related articles

Ai Image Websire v2

Innovation or a vulnerability: Is AI a threat to Cybersecurity?

We spoke to two of our professional services consultants, Grant Mossman and Malcolm Mason, and asked what their opinion on the rapid evolution of AI was and if this poses a threat to cybersecurity.

Mike Q Article banner v2

Co-Managed IT: Why partnering with an IT service provider makes perfect sense

Our Professional Services Consultant Michael Quittenden shares why co-managing your IT services could be the perfect solution for you and your business.

358X420 People on mobile 1

Best Practice Technology Guide for small, medium and start-up businesses

A best practise guide to the core technology areas that small, medium and start up businesses should consider.

Contact us to find out how we can help you
and your business today

Contact us

Further Insights

Paula Thomas Web v2

New Head of Enterprise Sales in Jersey

Paula Thomas has been appointed as the new Head of Enterprise Sales in Jersey.

Ai Image Websire v2

Innovation or a vulnerability: Is AI a threat to Cybersecurity?

We spoke to two of our professional services consultants, Grant Mossman and Malcolm Mason, and asked what their opinion on the rapid evolution of AI was and if this poses a threat to cybersecurity.

Chertesey house main image v2

Getting to the root of good connectivity with Chertsey House

With Sure Business's expert help, Chertsey House can concentrate on delivering first-class healthcare with efficiency, confident in the knowledge that their IT is taken care of. Read more to learn how we supported Chertsey with their technology needs.