a blog from CenturyLink

Types of phishing attacks: vishing, spear phishing, and more

by Kirsten Queen | Oct 1, 2021


Phishing is the most prominent type of cyberattack used by criminals today. Phishing attacks happen more than twice as often as the next most common type of cyberattack, according to the FBI’s Internet Crime Report. There are many different types of phishing attacks used by cybercriminals, from a wide-cast net.

In a phishing attack, a cybercriminal uses official-looking emails, text messages, social media messages, and websites to try to get you to share personal information. With that information, they can then commit identity theft and fraud.

Types of phishing attacks

While phishing usually refers to a cyberattack that comes from email, there are many different types of phishing attacks that cybercriminals use. In this article, we’ll explore the varying types of phishing you may encounter, including vishing, smishing, and spear phishing.

Spear phishing

Compared to the typical phishing attack, spear phishing is much more targeted and personalized. In this attack, the cybercriminal may scrape personal information from the web to attack you, including your location, friends, employer, or online activity. With that information, a cybercriminal can target you specifically, rather than casting a wide net through a standard phishing attempt.

They can make the email look like it’s coming from your boss or your bank. At first glance, you might really believe the email is coming from that person or institution. By gaining your trust, it’s much easier for a cybercriminal to convince you to give up personal information.

Whaling, executive phishing, and CEO fraud

Like the name suggests, whaling goes after the big fish at businesses. It’s also known as executive phishing or CEO fraud. These attacks target people in the C-suite or other people that have access to important areas of the business. Many phishing attacks are urgent in nature, but these attacks can be particularly rushed, since the demands seem to be coming from someone with a lot of power in the company. These tactics ramp up the fear and urgency. The email may say that the company is being sued and include a link or download where the receiver can get more information. If clicked or downloaded, the receiver’s device is infected with malware, which can be particularly dangerous on an executive’s computer.


Vishing

You’ve probably already experienced “spoofing”, or robocalls that have a misleading caller ID. Often, callers that spoof are trying to sell you something, or it’s a scam. Sometimes it’s a vishing attack. Vishing combines phishing and phone calls. Cybercriminals may spoof the call so it looks like it’s coming from your bank or another institution. If you answer the call, they may ask you for some of your personal identifying information, like account numbers, passwords, or your full social security number. They may also leave a voicemail for you, directing you to return their call at a fake phone number.


Smishing

Texting has been popular since it was first introduced in the early 2000s. But with the rise of SMS in marketing, your SMS inbox is not just for friends and family anymore. Smishing is the SMS version of phishing, and it often includes a link. Because people are less aware of the risks associated with clicking a link in a text message, many of us are susceptible to smishing attacks. Smishing attacks are on the rise too, up nearly 700% in the first 6 months of 2021.


Pharming

When we think of phishing, many of us think about emails first. But cybercriminals also use websites to harvest data. It’s known as pharming. Pharming sites are usually “spoofs” of a real website. The goal is usually to gather personal data about you and to steal your identity. Cybercriminals have a variety of methods that allow them to redirect web traffic to their own spoofed pharming site. Pharming is less common than phishing because it requires more work, but it may be more dangerous. Pharmers target financial institutions and e-commerce websites.

Recognize the signs of phishing

No matter the type of phishing attack, cybercriminals often try to use urgency or high-stakes situations to get you to take action. It’s important to slow down. If the request is different from the normal procedure, treat it with suspicion.

Be careful when you receive emails, texts, or phone calls that say you must confirm your personal information or that there are issues with your payments or accounts. If you really do need to check in with your bank or an e-commerce seller, hang up and call back on the phone number listed on that company’s website.

And finally, be cautious about clicking on links in emails and text messages. In your email, you can hover your mouse over a link to see where it actually goes, which can help you make sure you’re going to the right site.

Kirsten Queen


Kirsten Queen is the Senior Content Marketing Manager for CenturyLink and Quantum Fiber. Since she started writing professionally, Kirsten has dabbled in nonprofit grant writing and communications, social media marketing, and now writes content about life with technology. In her free time, Kirsten likes to cook, garden, and hike in the mountains of Colorado. Her name rhymes with first, not cheer.