Arrow back

What are the different types of phishing?

14 October, 2021

Phishing is, by some distance, the biggest security risk to businesses. For a little context, over 3.4 billion phishing emails are sent every day, which accounts for around 1% of all emails sent around the world.

But whilst you think you might have a handle on what a phishing email looks like, cybercriminals are constantly developing more sophisticated tactics to penetrate security systems and trick employees.

So, how do you prevent phishing emails from cracking your organisation’s data and systems open? Education.

Educating employees about what phishing attacks look like is one of the best deterrents and in this article, we explain the various types of phishing attacks to be wary of:

What are the most common types of phishing attack?

Spear phishing

This type of attack involves sending a targeted email or electronic communication scam to an individual or organisation. Through social engineering techniques, a cybercriminal will gather data about an individual or organisation in order to craft detailed, realistic fake emails that deceive you into inputting your credentials.


Whaling refers to a phishing attack aimed at senior executives or an email masquerading as an executive in order to steal sensitive data or prompt the transfer of money.

Last year, the toy company Mattel lost over $3 million due to a whaling attack where a finance executive transferred money, believing the request to have come from the company’s new CEO.


Smishing refers to SMS phishing, an attack using mobile text messaging to extract sensitive data. The message will include a link to download malicious software or sending you to a fake website that will capture your sensitive data.

Cases of smishing attacks have gone through the roof this year, rising over 700% in the first six months of 2021!


A vishing attack is one that uses phone calls or leaving voicemails to trick the recipient into sharing sensitive information. The caller will usually pretend to be a person of authority, such as calling from a bank or an IT support team, and will ask a series of questions that give access to your accounts. Look out for calls that encourage you to ask without consideration.

Email phishing

This is the type of phishing that most people will be familiar with, a phishing scam that is sent by email, to entice recipients to reveal sensitive data, either by directly responding to the email with information or by clicking a link that collects data. These general phishing emails are non-targeted and are instead cast as wide as possible.

Search engine phishing

Search engine phishing is a relatively new phishing technique that involves the fraudster creating a legitimate-looking website that features in search engine rankings - often in the 'shopping' section of a search query.

The website will typically offer amazing deals but when the website user pays for their order, the products never arrive and the payment details might also be used for further fraudulent purposes, such as making big purchases.

What can you do to protect your organisation?

With so many different types of phishing attacks, it is easy to see why it is the number one cause of data breaches. The attacks rely on employee errors and their lack of data security knowledge to obtain sensitive data.

Installing automatic anti-phishing filters can help to prevent around a quarter of phishing emails from reaching employees but adequate cyber security training is essential to protect your business.

The award-winning phishing simulations developed by Bob’s Business help employees to understand exactly what type of emails and communications are a risk to the business. Phishing awareness training empowers your team to take the best course of action to stop your company from falling victim to phishing fraudsters.

Find out more about how Bob's phishing simulation training can protect your business.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
Crown Commercial Service Supplier
HM Treasury
ISO27001 & ISO9001
Cyber Essentials Plus
Global Cyber Alliance