--- title: "Understanding Phishing & Types Of Phishing | Phish Protection" description: "Phishing is a kind of cyber-attack that is increasingly growing in popularity among hackers due to its simplicity of use and high potential rewards should the." image: "https://phishprotection.com/og/blog/understanding-phishing-types-phishing.png" canonical: "https://phishprotection.com/blog/understanding-phishing-types-phishing/" --- Quick Answer Some \_psychological and social engineering tricks used earlier by attackers\_ included drafting emails with intentional grammatical errors to gain attention from employees who they fooled into taking actions that weakened organizational security controls. Later, several increasingly fascinating and advanced email techniques were used by attackers such as \[Domain spoofing\](/content/domain-name-spoofing/). In this scenario, the attackers bought domains (website addresses, example Google.com or your Website.com) similar to other well-known names in the market such as banking domains and pretended to be the Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Funderstanding-phishing-types-phishing%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Understanding%20Phishing%20%26%23038%3B%20Types%20Of%20Phishing&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Funderstanding-phishing-types-phishing%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Funderstanding-phishing-types-phishing%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Funderstanding-phishing-types-phishing%2F&title=Understanding%20Phishing%20%26%23038%3B%20Types%20Of%20Phishing "Share on Reddit") [ ](mailto:?subject=Understanding%20Phishing%20%26%23038%3B%20Types%20Of%20Phishing&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Funderstanding-phishing-types-phishing%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/04/what-is-phishing-4736.jpg) _Phishing is a kind of cyber-attack that is increasingly growing in popularity among hackers due to its simplicity of use and high potential rewards_ should the attacks prove to be successful. Phishing is usually done via email, popup ads, or even calls and involves deceptively fooling users into taking some action that ends up compromising them. _The history of the first **phishing attacks** began in 1990_ when phishers designed an algorithm to generate random credit card numbers and then scrambled these numbers to match up with original card numbers belonging to clients of a financial organization in America. This was the first time phishers used **sophisticated algorithms** along with social engineering on the Internet through phishing scams. Such incidents now include [theft of personal](/products/email-impersonation-protection/) information have given no sign of abating. In fact, phishers used advanced cryptographic methods and repurpose tools created for decent purposes such as TOR (The Onion Router), military-grade tools such as **automated ransomware** and crypto currencies to mask their identity and carry attacks with impunity. ![What is phishing](https://media.mailhop.org/phishprotection/images/2021/04/what-is-phishing-4736.jpg) _In the early 2000s, hackers devised advanced techniques for performing phishing attacks through the use of emails_. This generation’s adversaries are very tech-savvy and use modern technology to intrude and steal information. They use commercially available cryptography tools, **phishing kits**, and _advanced methods readily available on the dark web to carry out attacks which end up costing millions to people_. The rise of Phishing as seen phishers choose emails as their weapon of choice in this Digital Age’s battlefield for data and enterprises who have not safeguarded themselves using anti-hacking, [anti-phishing tools](/blog/why-the-new-instagram-anti-phishing-tool-wont-work/), training and firewalls have suffered tremendous blows to both their reputations and finances. Some _psychological and social engineering tricks used earlier by attackers_ included drafting emails with intentional grammatical errors to gain attention from employees who they fooled into taking actions that weakened organizational security controls. Later, several increasingly fascinating and advanced email techniques were used by attackers such as [Domain spoofing](/content/domain-name-spoofing/). In this scenario, the attackers bought domains (website addresses, example Google.com or your Website.com) similar to other well-known names in the market such as banking domains and pretended to be the employees of these enterprises to get access to information such as financial data and passwords. PayPal was the first target of this technique, and many people had their stored details in PayPal servers compromised. ### The Origin of word Phishing: ‘F’ is replaced in “Fishing” to give rise to the name “Phishing.” Phishing is in many ways similar to [fishing where bait](https://www.phishing.org/history-of-phishing) is used to capture fish. In phishing, instead of using worms as bait, _adversaries make the use of cleverly designed and deceptive emails and websites to get data_. ### When It Comes To Types Of Phishing, Phishing Is Divided Into Five Main Categories #### Vishing _The word originates from the conjunction of Voice and Phishing, claiming its name as Vishing_. Adversaries collect the data about a person from social media and contact the person using the name of his or her friends/family to gather personal data. Thankfully, people are also wising up, and this technique is no longer working out well for cybercriminals. _Vishing makes use of the voice or mobile conversation where the adversaries impersonates_ as tax department authorities, Bank employees, friend, or acquaintance to initially gaining the user’s trust and eventually **steal the sensitive data** #### SMiShing \_SMiShing is a term formed by combining two words, SMS and phishing. \_ When SMS is used as a tool to perform the Phishing crime, it is referred to as [SMiShing](/content/protection-from-phishing/types-of-phishing/). In this, an SMS is sent to a large number of people asking them to click on a given link. The link usually has lucrative offers such as free branded shoes in exchange for email addresses or some other information. This helps hackers in their job. _SMiShing is also one of the easiest ways of making users of mobile fall prey to the **phishing attacks**_. Generally, users receive an SMS with a fake delivery order, or an order cancellation update and an associated URL to the same, which many people click on, without giving it a second thought. These links eventually lead to **fraudulent websites** specially crafted by the adversaries to extract sensitive information of the people #### Search Engine Phishing _This is the easiest way to attack any system and infiltrate it to steal significant personal information_. Links to the **fake and deceptive web pages** target internet traffic towards these sites. As a searcher land on a web page, adversaries gain access to some data on their system and use it for gaining further essential data files. They know IP addresses and country location instantly when someone lands on their site. _This can happen in case of websites without HTTPS connections which encrypt data from a device to the end location_. This is why you should avoid visiting sites without **HTTPS security certificates**. (The Green Lock sign in Google beside a website’s name) #### Spear Phishing In spear phishing, _one particular high-value person is singled out and targeted with emails crafted using prior information known about them_. Before the attack, all relevant information about the target is mined from their social media profiles and online activities. Then emails are sent where [hackers impersonate](/products/email-impersonation-protection/) themselves as a person known to the target and try to get information to perform a big heist. Spear Phishing can be very dangerous and has proved to be extremely efficient in exploiting vulnerabilities in a security system. Users often end up revealing all the necessary information to a fake person (Phisher). ### Whaling In the world of phishing, _“[Whales](/content/whaling-attacks/)” are those persons whose positions are prefixed with “C” such as CEOs, COOs, and CTOs_. They are high-level employees who have access to extremely important data about the enterprise. Research is done in advance in order to get relevant information about these persons from their profile, and then they are targeted. ![What is a zero day attack](https://media.mailhop.org/phishprotection/images/2021/04/what-is-a-zero-day-attack-2176.jpg) Nowadays, financial organizations such as banks, payment systems, crypto currency exchanges, and mobile wallets are at significant risk from **phishing attacks**. However, e-commerce and technologies companies also remain soft targets to adversaries and hackers. Phishing attacks can be stopped only by spreading [organizational awareness](/products/phishing-awareness-training/) among the employees, with [phishing protection services](/) and updating all security regimes, firewalls and security controls and configuring them properly. ## Topics [ Phishing Awareness ](/tags/phishing-awareness/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 14m 12 Real-World Spear Phishing Examples And The Red Flags You Missed Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[ Foundational 2m 8 million Android users fell prey to SpyLoan malware on Google Play Store Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[ Foundational 1m A Big Part of the Phishing Problem is You Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Understanding Phishing & Types Of Phishing","description":"Phishing is a kind of cyber-attack that is increasingly growing in popularity among hackers due to its simplicity of use and high potential rewards should the.","url":"https://phishprotection.com/blog/understanding-phishing-types-phishing/","datePublished":"2021-04-27T11:25:17.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-04-27T11:25:17.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/understanding-phishing-types-phishing/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":1057,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/04/what-is-phishing-4736.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Understanding Phishing & Types Of Phishing","item":"https://phishprotection.com/blog/understanding-phishing-types-phishing/"}]} ```