The five most common Phishing attacks

1900X290 Website Banner no copy

Simply put, ‘Phishing’ is the sending of fraudulent messages designed to trick recipients into revealing sensitive information or inadvertently deploying malicious software on their systems. Attacks are becoming ever more sophisticated as aptly named ‘Bad Actors’ (cybercriminals) seek to use workplace and socially pressured situations to make us do something we shouldn’t.

Although we’re well aware of the numerous scams and threats, criminals play the ‘numbers game’ and many are caught out as millions of people and organisations are targeted every day. And once access has been gained, attackers will spend a considerable amount of time planning an attack from within.

The five most common Phishing tactics that we should all be aware of are:

Email Phishing

Using email as the main method of contact is perhaps the most common method of phishing as it continues to dominate corporate communications. Criminals use fake emails and domain names by cleverly substituting and disguising characters in the email address, such as using characters from the Cyrillic alphabet that looks very similar.

Being on the alert for fake emails and messages of all types is essential, and you should always check the message sender details - especially if you are being asked to do something you were not expecting. Criminals hope that in our time pressured world, victims will hurriedly and carelessly click on malicious attachments or links when prompted.

Spear Phishing

This is more targeted phishing activity to steal information such as account credentials and financial information from more specific victims. Criminals try to obtain information about friends, places of birth, employers, recent purchases, hobbies and interests, and by disguising themselves as a trustworthy source with believable approaches, they try to acquire sensitive data from a more targeted audience, in contrast to random phishing activity. Spear phishing criminals invest more time, planning and effort in their activity in the belief that more lucrative outcomes can be manipulated.


Further along the cycle we find more advanced and sophisticated phishing attacks that are known as Whaling or Whale Phishing. These attacks are more targeted than spear phishing and typically focus on senior executives and more powerful, wealthy and prominent individuals. Although the end goal of whaling is the same as other types of phishing, the techniques tend to be more subtle. Victims of a whaling attacks are generally considered to be ‘big phish’ or whales. Attackers masquerading as CEOs and other c-suite executives rely on an individual’s power in an organisation to ask employees to take some action. It could be a 5pm Friday email from the CEO to a finance manager, asking them to urgently make a payment to a supplier that must be done that day. Or an instruction from the HR Director asking employees to update their information by completing the details on the link provided.

Bogus tax return scams are also a common form of whaling. Such returns contain valuable information including names, addresses, national insurance numbers and bank account information.

Smishing and Vishing

Smishing and vishing attacks use phones as their method of communication and attack. Smishing is the sending of text (SMS) messages, and operates in a similar way to email phishing. With business mobiles and smartphone access to the internet, malicious links and websites can cause as much this way as with corporate laptops – the end result is often the same. Vishing is probably the oldest form of attack and involves a telephone conversation. They are essentially the scam phone calls of old, and during and since Covid, the number of finance related attacks has grown exponentially as criminals pose as bank helpdesks and security departments, calling to help customers with issues and problems relating to their card or account.

Angler phishing

The rise of social media has led to this latest method of online cybercrime with attackers masquerading as the face of many companies that people may want to contact. Use of social media as a way to contact organisations about customer service issues has become very popular as it typically reduces the need to queue on the phone for long periods of time to speak to the right department. Fear of an adverse and highly visible public relations storm prompted many companies to invest in social media customer service, and criminals have been quick to exploit this. Users contact companies through social media can be intercepted by cyber criminals and fake links, cloned websites, posts, and tweets are all used to persuade people to divulge sensitive information or download malware. ‘Too good to be true’ retail offers on social media are also highly prevalent with bogus sites offering expensive goods at knockdown prices to unsuspecting shoppers.

Organisations can protect against attacks and the consequences of phishing by working with security partners to ensure they always have the latest and most advanced methods of protection. Whilst employee awareness and malware protection remain essential, email safeguards and brand security measures provide assurance against domain impersonation and spoofing attacks.

Related articles


The power of partnerships: Mimecast, Microsoft and beyond

We work with such established companies, as well as many others, to give our clients access to the best products and solutions on the market.

940X529 Working from home 4

Cybersecurity Checklist for Remote Working

Alongside agile and flexible working practices, organisations should create a set of security policies that cover operational standards, cyber incident responses, and disaster recovery plans for all types of events, and these are especially significant for home working scenarios. Here is a checklist.

767X575 Cybersecurity 4

Secure your email communications with AI cybersecurity

Email is still the leading business communication tool, and its continued success over the years makes it a natural target for fraudulent cybercrime activity.

Contact us to find out how we can help you
and your business today

Contact us

Further Insights


The power of partnerships: Mimecast, Microsoft and beyond

We work with such established companies, as well as many others, to give our clients access to the best products and solutions on the market.

768X384 People at work 6

Supporting your business on its technological journey: a selection of Sure Business case studies

The vast array of products and solutions Sure Business has to offer is a great way to demonstrate how forward thinking we are, with a finger firmly on the pulse in terms of new technology.

TT logo

Isle of Man TT innovations

Sure, supported several new technological advancements to improve the riders’ safety.