Phishing scams typically fall into one of these 5 categories:

1. Deceptive Phishing

Deceptive phishing occurs when scammers impersonate credible companies in order to steal personal information and login credentials. These emails typically create a sense of urgency for victims to rectify a problem with their accounts and prompt the unsuspecting to clink on an external link. These external links often look very similar to the login pages of the company that the scammer is mimicking. Victims then sign in to the scammer’s page, thus surrendering their login information.

2. Spear Phishing

Spear phishing attacks target a specific individual or small group of individuals through campaign customization. Spear phishing often uses the recipient’s personal information (such as their name, position, company, work phone number, or other information) in an attempt to establish credibility. The goal of the scammer is to deceive the recipient into thinking that they have a personal connection. Victims are often more likely to click on a malicious URL or email attachment when they believe that they know the sender.

3. Whaling Attacks

Whaling attacks target high-profile victims, such as C-level executives and their teams. In a whaling attack, scammers often gain control of a CEO’s email account and commit CEO fraud to secure high-level information. Scammers abuse the CEO’s email to authorize fraudulent acts, such as fraudulent wire transfers, and other actions that cause severe damage.

4. Pharming

Pharming attacks target domain name systems (DNS). A DNS server connects an alphabetical website name to a numerical IP address. Pharming attacks hack into the DNS server and change an IP address connected to the alphabetical website. The scammer can then redirect website visitors to a malicious website.

5. Dropbox Phishing

Millions of individuals and companies use Dropbox services to back up, store, share and access files. Many phishing scams target these individuals and companies in order to gain access to critical data and personal information. Dropbox phishing scams have even gone so far as to mimic sign-in pages in the phishing email’s external links.