Phishing is a technique often used by cybercriminals in which they attempt to acquire personal information such as user names, passwords, and credit card details from unsuspecting victims. There are many different types of phishing attacks, but some of the most common ones include email phishing, phone phishing, and social media phishing. In this article, we will take a closer look at 6 of the most common types of online phishing attacks.

Email Phishing

Email phishing is one of the most common types of online phishing. It involves sending an email that appears to be from a legitimate company, asking the victim to provide sensitive information. Some of these emails include a link to a spoof website. Attackers can then use the data obtained through this type of attack to steal money or information, gain access to user accounts, or conduct other fraudulent activities. You can avoid email phishing attacks by understanding how they work, looking for signs that may identify a message as spam, always scanning links before clicking on them, never sharing your password with others, never entering it anywhere online unless you are visiting a trusted site directly (i.e., not through a link), and only providing personal details on secure sites.

Phone Phishing

Another common phishing attack is phone phishing, in which scammers call users and pretend to be from a legitimate company to trick them into providing sensitive information such as passwords or credit card details. Typically the scammers will try to gain users’ trust by acting as an authority figure such as a bank representative. The user may also be told that there is something wrong with their account, and that it will be suspended if they don’t provide their login credentials. Since most people have at least one of their bank’s phone numbers saved on their phones for easy access, this type of scam can be easy to fall for, especially when you don’t know who is actually calling. To avoid falling prey to this type of scam, never give away any personal information to someone who calls saying they represent a bank or other company.

Spear Phishing

Spear phishing is an email phishing technique that involves creating legitimate-looking emails aimed at specific user groups, such as employees in the finance department. Attackers will often gather as much information as possible about their target(s) before launching such attacks, for example by researching employees and their roles within the company. The objective is usually to trick the recipient into opening malicious attachments or clicking links that give attackers access to sensitive data. Spear phishing can be avoided by following these tips: do not click any links found in an email, especially those from unknown senders; avoid downloading attachments from emails unless you are expecting them; always scan links before clicking on them; and never email personal or financial information to anyone.

SMS Phishing

This type of online phishing attack involves sending SMS messages containing links to dangerous spoof websites that ask victims for their login credentials or financial details. Since these messages look like they are coming directly from popular brands such as Google, Yahoo, or Facebook, users can be easily tricked into clicking on them. You can avoid this type of phishing attack by never entering your login credentials on a website unless you have verified who runs it, and by checking the URL before entering any personal details.
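The "check the URL" advice above (and the link scanning recommended for email) can be expressed as a small set of mechanical checks. This is an added example, not part of the original article; the `OFFICIAL` allow-list and the `check_url` function are assumptions made for illustration, and the sample URLs use reserved documentation names and addresses.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumed allow-list for this example: brand name -> domains the brand really uses.
OFFICIAL = {
    "google": {"google.com"},
    "yahoo": {"yahoo.com"},
    "facebook": {"facebook.com"},
}

def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_url(url):
    """Return the reasons a URL should not be trusted (empty list = no finding)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # In https://brand.com@other.host/ the real host is what follows '@'.
        reasons.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # a normal host name
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike characters)")
    for brand, domains in OFFICIAL.items():
        # The brand name appearing anywhere in the host proves nothing;
        # only the rightmost labels decide who runs the site.
        if brand in host and not any(_under(host, d) for d in domains):
            reasons.append(f"mentions '{brand}' but is not under {sorted(domains)}")
    return reasons

if __name__ == "__main__":
    for u in ("https://accounts.google.com/signin",
              "https://google.com.account-verify.example/login",
              "http://facebook.com@203.0.113.7/login"):
        print(u, "->", check_url(u) or "no finding")
```

An empty result only means none of these specific tricks was found; it does not prove the site is legitimate.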

Facebook Phishing

This online phishing scam involves creating fake profile pages of big companies such as Microsoft or Google that appear legitimate to unsuspecting victims. These profiles usually contain a link asking for a victim’s username and password to gain access to their account. If a victim clicks on these links, they will be redirected to spoof websites that ask for usernames and passwords and are made to look like they are actually from the company whose page was created. The best way to avoid falling for this kind of scam is to avoid clicking any links on Facebook that ask for your login credentials.


Pharming

Pharming is a type of attack that redirects web traffic from a legitimate website to a fake page through DNS poisoning. This type of scam typically involves attackers getting into your local computer through either malware installation or social engineering. Once inside, they modify your system’s hosts file to reroute web requests for the targeted site(s) to the rogue server. One example of pharming was when scammers hacked into a domain name registrar and modified the authoritative nameservers so that requests for would be redirected to Rickroll’ and the official site was offline for more than a day. This type of scam can be easily avoided by keeping your computer system up to date, avoiding clicking links within suspicious emails, and using reputable antivirus programs with real-time protection.


Although online phishing scams are on the rise, following the above tips can help you avoid becoming a victim of fraud. Some online phishing scams do not require any form of interaction from the user to work, and attackers are getting more sophisticated, using tools that allow them to send fraudulent emails without even having access to an email account. It is very important to first detect and prevent online fraud.

Protecting yourself against these types of attacks is possible if you follow basic security measures such as keeping your computer up to date, never opening email attachments unless they are expected, setting strong passwords for all your accounts, and backing up your data regularly.