What Is Phishing?

Phishing is an attack strategy that uses deception in order to solicit sensitive information or directly breach a system, typically in the form of an email. Although phishing is almost as old as email, it has become increasingly more sophisticated, often evading spam filters and human detection.

Phishing is considered one of the most effective attack vectors being used today. It is more critical than ever to learn what phishing is, and how to avoid becoming the next victim.

What Are the Different Types of Phish?

Spear phishing

Spear phishing uses targeted attacks against a specific person or organization. A threat actor does research in order to learn personal information to tailor emails accordingly. For example, phish could be created to look like an individual’s specific bank, or an organization may be phished with emails that appear to be from those working in human resources. Since spear phish are from familiar names or organizations, and often look more realistic, users are much more likely to open them.


Whaling is an even more precise type of phish aimed at high level targets, like C-level executives. While threat actors must again carefully research and craft an email that is not only tailor made, whaling presents an additional challenge. Since such high profile individuals are typically more selective about the emails they open, malicious actors put more thought into the getting their attention in the emails they craft.


Not all phish are in email form. People can receive automated or live calls requesting personal information that can be given in person or dialed into the keypad. Now that caller ID is universal, many vishing attacks also incorporate spoofing, in which a phone number from a local area code, or even a recognized company, appears to be calling. The most common vishing attacks include calls from banks, credit card companies, loan offers, car companies, or even charitable requests.


Threat actors utilize every communication method, including short message services (SMS). Attackers send text messages or use messaging apps to solicit personal information or spread malicious links. Malicious links opened on a cell phone are particularly dangerous, since there typically isn’t antivirus software to protect these devices. Source

iTM covers all aspects of cybersecurity from Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.