6 Most Common Types of Phishing Attacks

6 Most Common Types of Phishing Attacks

Within the last few years, cybercrime has increased dramatically. The most common type of cyberattack is called phishing. This is an umbrella term for attacks that occur over email, web, websites, or chat and they’re designed to impersonate another individual. 

While organizational structures have historically been a single “security-focused department” within an organization’s IT structure called SecOps or SecOps/CDM (Compliance/Data Management), one has to assume starting with these other structures as well versus just placing everything under the Security umbrella will allow for better. That’s not always an option for small- to medium-sized businesses.

That’s a frustrating obstacle to minimizing risk. But phishing attacks happen every day in so many different ways. To help you better understand the different types of security attacks that are used, here are 6 of the most common types. 

Email Phishing

Commonly, most phishing attacks will be done over email. The hacker will register a fake domain that mimics a real organization and send out thousands of requests. Most of them are requesting the need for a password update or credit card information. As a general rule, you and your team should always check the email address of any message that asks you to click a link or download an attachment. If you have an internal IT team or MSP, have them check out the email before you go any further.  

Spear Phishing 

A more sophisticated type of phishing that involves email is called spear phishing. These are malicious emails that are sent to a specific person. Criminals that are participating in spear-phishing will already know the individual’s name, place of employment, job title, email address, or even specific information about their role. 


Another type of spear phishing is known as whaling. This is when a hacker is focused on a high-value target meaning that the email is being disguised as a senior employee to help with credibility. Whaling can sometimes be an entry point for ransomware attacks as they often reach out to high-level employees in an organization to gain access to platforms or financial information. 

Mass Campaigns 

Find yourself in a dark room or with a glare affecting your webcam’s view? No more will this be a hassle as Teams supplies you with various video filters available to help adjust lighting levels and soften the focus of the camera.

Ambulance Chasing Phishing 

With ambulance-chasing phishing, the cybercriminal will use a current crisis that drives up the urgency for a victim to take action which will ultimately lead to compromised company data or information. Currently, an email someone may receive this year could be tied to the COVID-19 global pandemic. An attacker could disguise themselves as encouraging others to donate to a relief fund to help communities. 


Pretexting is when an attacker will focus on creating a good pretext, fabricated scenario, where they will try to steal a victim’s personal information. While the attacker is requesting specific information to ‘confirm the identity’ of their victim, they are actually using the information to commit identity theft or stage a secondary attack. 

Have Your Team Be Prepared

Studies show that there is a cyber-attack every 39 seconds. That’s why it’s good to have your team prepared and aware of the most common types of phishing attacks that happen every day. If your organization is in need of guidance, CorCystems Managed IT Services offers monthly cybersecurity services as well as cybersecurity training for your team. Call us today to get started: (203) 431-1341.