Common Phishing Attacks

Phishing is a sneaky tactic cybercriminals use to steal your personal information or install harmful software, known as malware, on your devices.

Imagine receiving a message that looks like it's from a trusted friend, company or charity. It might claim there's an urgent problem or someone in need of help, urging you to click a link to take action.

Phishing comes in many forms. Learn about some of the most common methods below.

Email Phishing

Most phishing attacks use email. A scammer registers a fake domain or website name that mimics a real organization and then sends out thousands of generic requests.

• The fake website name often replaces one letter with another. For example, "r" and "n" might be put together to make "rn," which looks like "m."
• Phishing attacks might also use an organization’s name in a fake address (e.g., paypal@domainregistrar.com), so that a legitimate sender’s name (e.g., PayPal) appears in the recipient’s inbox.

Always check URLs and email addresses if you’re asked to click a link or download an attachment.

Spear Phishing

Spear phishing targets specific individuals and uses their personal information to trick them. This can include their name, school or employer, job title, email address, and details about their role.

Smishing & Vishing

Smishing uses text messages, while vishing involves phone calls. Both aim to trick you into clicking links, downloading attachments or sharing personal information.

Angler Phishing

Angler phishing uses social media to deceive you into giving up sensitive information or downloading malware. Scammers use fake URLs, instant messaging, cloned websites, posts and posts. They may also exploit information people share on social media, like geotagging, names, birthdays, and vacations.