Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install viruses on their computer or phone.
Common phishing attacks include:
| Type | Description |
|---|---|
| Spear Phishing | Spear-phishing is a type of phishing attack that targets specific individuals or organizations typically through malicious emails. The goal of spear phishing is to steal sensitive information such as login credentials or infect the targets’ device with malware. |
| Whaling | A whaling attack is a type of social engineering attack specifically targeting senior or C-level executive employees with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further cyberattacks. |
| SMiShing | Smishing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may involve cybercriminals pretending to be your bank or a shipping service you use. |
| Vishing | Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords. |