11 types of phishing attacks you must keep in mind.
- Lakshay
- Apr 13
Taken from a document published by OpenText.

Standard Phishing: Broad, non-targeted attempts to steal confidential information by pretending to be an authorized person or organization, usually via emails.
Malware Phishing: Involves convincing a user to click a link or download an attachment to install malware on their machine. It is currently the most widely used form of phishing attack.
Spear Phishing: Targeted attacks on high-value individuals like CEOs using publicly available information to create convincing ruses. When the target is sizeable enough, spear phishing is sometimes called ‘whaling’.
Smishing: Phishing via SMS, using text messages to deliver malicious links. Did you know? SMS open rates hover around 98%. Compare that to around 20% for email, and it’s clear why cyber criminals like smishing.
Search Engine Phishing: Fraudulent sites injected into search engine results, often as paid ads. Search engine phishing sites often promise amazing deals, career advancement opportunities, or low interest rates for loans. Remember, if it seems too good to be true, it probably is.
Vishing: Voice phishing, where attackers call victims pretending to be from reputable organizations to extract personal information.
Pharming: DNS poisoning that reroutes legitimate web traffic to spoofed pages without the user's knowledge.
Clone Phishing: Creating emails that are nearly identical to legitimate ones but carry malicious links or attachments. These attacks can’t get off the ground without an attacker first compromising an email account, so a good defense is using strong, unique passwords paired with two-factor authentication.
Man-in-the-Middle Phishing: Eavesdropping on correspondence between two parties to steal credentials or other sensitive information.
Business Email Compromise (BEC): Phony emails claiming to be urgent requests for payments or purchases from someone within or associated with a target's company.
Malvertising: Exploiting advertising or animation software to steal information. Malvertising is usually embedded in otherwise normal-looking ads, placed on legitimate websites like Yahoo.com, but with malicious code implanted within.
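
One defensive check that follows from the clone phishing entry above, as an added example that is not from the OpenText document: compare an incoming message with a known-good one and flag it when the wording is nearly identical but the links point to hosts the original never used. The function names, the 0.9 threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def link_hosts(body):
    """Return the set of lower-cased hostnames linked from a message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def text_similarity(a, b):
    """Similarity (0..1) of two bodies with every URL masked out."""
    def mask(s):
        return " ".join(URL_RE.sub("<URL>", s).split())
    return SequenceMatcher(None, mask(a), mask(b)).ratio()


def check_clone(known_good, candidate, threshold=0.9):
    """Flag a candidate whose wording matches a known-good message
    but which links to hosts the known-good message never used."""
    similarity = text_similarity(known_good, candidate)
    new_hosts = link_hosts(candidate) - link_hosts(known_good)
    return {
        "similarity": round(similarity, 2),
        "new_hosts": sorted(new_hosts),
        "suspect": similarity >= threshold and bool(new_hosts),
    }


# Constructed sample messages (example.com / example.net are reserved domains).
ORIGINAL = ("Hi team, the Q2 invoice is ready. Please review it here: "
            "https://billing.example.com/invoice/1042 Thanks, Accounts")
CLONE = ("Hi team, the Q2 invoice is ready. Please review it here: "
         "https://billing.example.net/invoice/1042 Thanks, Accounts")
RESEND = ("Hi team, the Q2 invoice is ready. Please review it here: "
          "https://billing.example.com/invoice/1042?ref=reminder Thanks, Accounts")

if __name__ == "__main__":
    print(check_clone(ORIGINAL, CLONE))   # same wording, new link host
    print(check_clone(ORIGINAL, RESEND))  # same wording, same link host
```

A legitimate sender who changes link hosts (for example after moving to a new mail or billing provider) will also trip this check, so treat a hit as a reason to verify the message, not as proof of compromise.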