Phishing is cybersecurity’s largest threat and affects people all over the world. Anyone can receive phishing emails, calls, and messages. In a typical scam, bad actors might ask for personal information, company data, or both. Because phishing is a broad term, we’ve broken down nine of the most common techniques (in no particular order) so you don’t get hooked.


1. Deceptive Phishing

Deceptive phishers use threatening words to convince the user to provide information. These scams include shortened, malicious links along with legitimate ones to confuse email filters. Typically, there will be little text, or it the message will be inside an image.

(Read how Agio Shield uses AI to detect malicious links and prevent them from reaching users.)


2. Email Phishing

There are several specific methods to email phishing, including many strategies listed here. All types of phishing emails share similarities, such as incorrect email addresses.


3. Search Engine Phishing

Phishers create fake websites, often claiming to offer sales or other seemingly real information. When an unknowing user clicks on the link via the search engine, the phishing attack website asks them for personal information, such as bank and credit card numbers.


4. Spear Phishing

Spear phishing emails are extremely specific. They address the recipient with their name, place of employment, position or rank, and work phone number. This information tricks the recipient into believing the sender knows them.



5. Whaling

Much like spear phishing, whaling is another targeted attack — though this time aimed at executives. If a hacker receives the credentials, they can authorize money transfers or scam other employees for tax information.


6. Vishing

Also know as voice phishing, vishing scammers call individuals and act like they’re from a reputable company. They might disguise their caller ID or use industry-specific language to convince the listener that they’re legitimate. Typically, phishers of this type still ask for personal information. This real-life example shows just how easy it is to fall prey to a vishing scam.

See also  Vital Lessons from LPL & Ameriprise Ahead of Copilot Implementation


7. Angler Phishing

Angler phishing starts on social media platforms. A bad actor creates fake URLs, posts, private messages, and more to steal information or install malware. The phisher usually claims to be a customer service team member hoping to reach a disgruntled customer.



8. Smishing (SMS Phishing)

Bad actors send text messages to victims. They also use malicious links to ask for personal information. A scammer might trick you into downloading an app or entering data into a form.


9. Pharming

First, pharming hackers install malicious code onto the victim’s computer. The code automatically directs the user to the hacker’s fraudulent website. Even if you type the full web address in by hand, the code will send you to their website instead, where they can harvest your data.


Detect Phishing With Agio

Agio can help you identify phishing and set up cybersecurity plans that will help you respond to and prevent attacks. For more information, learn about our phishing services here.