Types of phishing attacks

Phishing attacks take various forms, and most target people who are active on the internet. These are the various types of attacks currently:


This is the kind of phishing that is deployed via cellphone, voice email or landline. The phisher calls to alert you about a suspicious activity on your account, then gives you a number to call and verify your details.

Data theft 

This mainly targets unsecured PCs to steal confidential business communication, employee information, and confidential company data. The phisher hen sells the data to competitors or other third parties for malicious purposes. 

Search Engine phishing 

The hacker creates a website offering fake services and renders them for indexing so they can appear on search engines. They look like genuine companies offering genuine products and lure you by giving very attractive offers. Most of such sites purport to extend credit services with the aim of getting you from your current service provider to their fake company where they con you. 

Web Trojans 

Invisible pop-ins that pick your login credentials and send to the phisher


This kind of attack tracks the information you input via keyboard and send it back to the hacker.

Deceptive phishing 

The phisher deceives you into confirming account information, or claiming a free service that needs you to act fast. A good example is those fake discount coupons and company giveaways that disappear once you enter your personal information. You can also be deceived though emails that ask you to renew domain, or act on sudden account changes.

Session hacking 

This one tracks your online activity until you sign into the target account. The software then proceeds without your knowledge.

Malware-Based phishing 

This kind of phishing prompts you to download email attachments or files from a specified site.

Hosts file poisoning 

When you type a URL, the phisher poisons the host files and thus transmit a fake address. This way, you end up on a fake site where they steal your information.

System reconfiguration attacks 

This modifies your computer settings so your favourite website URLs can redirect to fake lookalike sites. From there the hacker can steal from you.

DNS-based phishing 

Also known as pharming, it works by tampering with domain name system (DNS) or hosts files to direct you to a fake web addresses.

Content-injection phishing 

The phishers control only a specific section on the website in order to collect data. For instance, they may insert a code on the login or checkout page in order to collect information from you and send it to the hacker.


In this type of attack, the hackers locate themselves between you and the site you are visiting. Your activity on the website is not disrupted but the information they gather is later sold to third parties or used to access your account after you logout.


Leave a comment