Common Types Of Phishing Scams

In today’s world, it’s important to be vigilant in keeping yourself and your organization safe from cyber attacks. Unfortunately, scammers are sneaky and are always finding new ways to trick users into giving away personal information such as credit card numbers, social security information, or contact information. 

Below are some common types of phishing attacks to be aware of. Scammers are essentially “fishing” for information, so many of these common types of phishing use fishing metaphors. 

Types of Email Phishing

Email Phishing

You likely think of regular email phishing when you think of a scam email. These are the emails you receive from senders such as “WeightLossPill” or “Amazom” (instead of Amazon). 

These scammers cast a huge net and try to catch as many “phish” as possible with their schemes. They use common schemes such as “please reset your password” or “your delivery was not successful, please confirm your address” to try and get you to give them your information. 

Though some of these are easy to recognize, the rise of AI and the ingenuity of scammers are making scam emails harder to spot. When an email seems out of place, pay careful attention to the sender and domain.


Spear Phishing 

Spear phishing is a more targeted type of email scam. Instead of casting a wide net like traditional phishing, spear phishing goes after one user.

When a scammer already has information about you, such as your job title, place of employment, email address, or other pertinent detail, they can send a more convincing email.

These emails look more real because they pull in certain details about your job and ask you to perform a task related to something you may do daily. 

For example, a scammer can pose as a new hire who works at one of your frequent vendors. They could say they need you to verify your credit card information to fulfill an order, or it will be canceled.

Think carefully whenever you are asked for sensitive information through email. When in doubt, call the person to confirm.



Whaling

Whaling attacks are similar to spear phishing emails, but they target upper-level management at your organization. The email looks like it comes from your CEO, CFO, or another person in leadership. The email will have a sense of urgency and busyness and ask you to do a favor for them.

The goal of the whaling attempt is to get you to respond. Once you respond, the scammer will find ways to get you to give them money or sensitive information.


Phone Phishing

Phishing isn’t limited to just email. Scammers also try to get your information through the device you always carry: your phone. 



Smishing

Smishing is when a scammer uses text messages to target you for an attack. These text messages come from unrecognized numbers and most often try to get you to click a link in the message.

Most SMS scams look like they’re from a package delivery service that supposedly wants you to confirm your address, or from your bank telling you that your account has been hacked.



Vishing

Vishing is when a scammer uses phone calls to try to get the information they want. The person calling your phone number will say they’re from a reputable organization, such as your bank or cable provider, and will ask you to confirm your login credentials.

Some vishers even pose as family members who are in trouble and need help. They use vague facts to try and trick you into thinking they are who they say they are. 


Phishing Through Websites

Websites are not immune to phishing campaigns, either. 

Website Spoofing

Scammers often create fake websites that look like ones you know and recognize. They count on you to see the familiar site and log in without paying attention to the domain name. By then, it will be too late. 
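The advice to check the sender's domain on a suspicious email and the domain name of a familiar-looking website can be automated. The sketch below is an added example, not code from Aegis IT; the `TRUSTED` allowlist, the function names, and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allowlist (constructed): brand keyword -> domain that brand really uses.
TRUSTED = {"amazon": "amazon.com", "paypal": "paypal.com"}

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_host(host, claimed=""):
    """Return findings for a hostname; `claimed` is any visible name shown to the user."""
    host = host.lower().rstrip(".")
    # Naive registrable domain (last two labels); production code should use the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    findings = []
    for brand, real in TRUSTED.items():
        if domain == real:
            continue  # genuinely on the brand's domain
        if edit_distance(domain, real) <= 2:
            findings.append(f"lookalike of {real}")
        elif brand in host:
            findings.append(f"{brand} appears in host but domain is {domain}")
        elif brand in claimed.lower():
            findings.append(f"name claims {brand} but domain is {domain}")
    return findings

def check_sender(from_header):
    """Check the From header of an email."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    return check_host(addr.rsplit("@", 1)[1], display)

def check_url(url):
    """Check the hostname of a link before following it."""
    return check_host(urlsplit(url).hostname or "")

if __name__ == "__main__":
    # Constructed samples, not real messages.
    for sample in ['"Amazom" <orders@amazom.com>', '"Amazon" <help@mail-support.example>']:
        print(sample, "->", check_sender(sample))
    print(check_url("https://amazon.com.login.example/signin"))
```

An empty list means the domain matched the allowlist or nothing resembled a trusted brand; it does not prove the message or site is legitimate.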


Pop Up Phishing

Some pop-ups on a website can be phishing scams in disguise. They will entice you with a great offer to get you to click on it. Once you enter your information on the page the malicious link leads to, they’ll have what they need to scam you.


Social Media Phishing

Scams on social media are on the rise as well. The most common form of social media phishing is angler phishing. 

Angler Phishing

Angler phishing is when a scammer creates a fake social media profile to impersonate an established business.

When a person leaves a bad review or complains about a brand on social media, these impersonators quickly swoop in and respond to the complaint. They pose as a friendly employee who wants to help and ask the person to send their account information so they can assist.

Keep Yourself Safe from All Types of Phishing

In today’s digital world, it’s important to stay vigilant and know how phishers are trying to steal your information.

Read our blog “How to Spot a Phishing Email” for tips and tricks on how to keep you and your organization safe from email phishing attacks. Already opened an email? Read “What To Do If You Open a Phishing Email” for more information on how to proceed.


Phishing Prevention Services by Aegis IT

At Aegis IT, we take cybersecurity seriously. We want to help your organization stay safe from dangerous phishing scams. 

That’s why we offer phishing prevention services. We train your employees to protect themselves and your organization from phishing attempts. 

We also offer a wide range of cybersecurity and email security services. Call us today to discuss your IT security needs and how we can best serve your business.


Contact Us

Phone: 423-343-5160