What is Phishing?

Close to 91% of all cyber attacks start with a phishing email.

Gone are the days when a phishing attack was only a dodgy email from scammers claiming to be a Nigerian Prince offering you mountains of cash.

Today’s cybercriminals use sophisticated Social Engineering techniques to launch highly targeted attacks to trick users into clicking on malicious links or opening attachments infected with malware such as Ransomware.

What is a Phishing Email Attack?

Phishing scams are a delivery mechanism that cybercriminals use to coerce you into acting to their advantage. Such actions can range from clicking on a link to filling out a form with your username and password.

Phishing emails typically include a URL link or attachment. Once you click on them, your browser is redirected to an unsafe website that steals sensitive information from your browser or infects your device with malware. The latter is also known as a drive-by download. Cybercriminals will then use your stolen data to commit identity fraud, sell it to other hackers, or threaten you with it by asking for a ransom.


Most Popular Types of Phishing Attacks

Business Email Compromise (BEC) or CEO Fraud Scam

BEC phishing attacks are when cybercriminals pose as someone of authority within the company and use this fake persona to phish lower-level employees. Cybercriminals typically attempt to impersonate an organization’s CEO or any executive authorized to do wire transfers. They also do their homework by closely monitoring their potential victims and their organization’s internal structures.


Spear Phishing

Spear phishing attacks are similar to BEC phishing attacks in that they’re targeted at a specific audience. Unlike generic phishing emails that go out to thousands of people in wide-scale email phishing campaigns, spear-phishing attacks home in on key individuals within an organization. Cybercriminals use social engineering tactics to personalize phishing emails and catch their victims off-guard with instructions to reveal information or perform specific actions.


Whaling

Instead of targeting employees on the lower end of the organizational chain, Whaling is when cybercriminals target C-level executives. This type of attack is often deliberate and well-planned. The aim is to trick C-suite executives into revealing sensitive corporate data that they will then threaten to release if a ransom is not paid.


Smishing (SMS Phishing) and Vishing (Voice Phishing)

Smishing and Vishing are phishing attacks that also use Social Engineering techniques to lure victims, but through a channel other than email. Smishing (SMS Phishing) and Vishing (Voice Phishing) reach victims via mobile phones. In these attacks, attackers usually bait their targets by using the names of banks and online retailers.

Angler Phishing or Social Media Scam

Angler Phishing attacks, also known as Social Media Scams, often seem like harmless social media posts. They have become a typical phishing scam in which attackers borrow the identity of a company’s social media accounts and claim to be its official customer service channel. Most of the time, attackers create social media accounts on Facebook, Twitter, and Instagram using a handle similar to the official ones. In Angler Phishing, victims are usually offered the option to click a link to be taken directly to one of the company’s team members. Instead, victims are redirected to malicious websites where the fraud takes place.


Top Phishing Techniques

Social Engineering

Social engineering is the technique of manipulating people so that they perform malicious actions or divulge confidential information. This technique exploits human psychology rather than technical hacking techniques to access a victim's personal and professional data.


Ransomware

Ransomware is one of the most popular types of malware. After infecting a victim's computer, this type of malicious software blocks access to the victim's computer system and only restores the data upon payment (ransom).

Link Manipulation

Link Manipulation is a deceptive phishing technique in which the hypertext (link) in a malicious email is written so that it looks like a legitimate website URL. Using this phishing technique, attackers create web addresses that are visually identical to a legitimate one but send victims to a fake malicious website instead.

Domain Spoofing

CEO Fraud and BEC attacks are examples of how the domain spoofing technique can be used. Domain spoofing in phishing emails tricks victims into opening or corresponding with a solicitation that impersonates a legitimate corporate email.

How to Prevent Phishing Attacks

Educate Users

Allow employees to report suspicious emails

Use firewalls and email filters

Define and enforce strict password management policies

Add an extra verification layer by using two-factor authentication (2FA)

Final Words

Discover the critical importance of phishing awareness training. With nearly 91% of cyber attacks originating from phishing emails, safeguarding against these threats is paramount. Stay ahead by understanding the various phishing techniques and implementing effective prevention strategies. Protect your organization with robust training and education from Right-Hand’s phishing awareness training.
