Phishing is one of the most common types of online cyber attacks, with an estimated 3.4 billion emails being sent out daily.
Whether through emails, SMS texts, phone calls or websites, it’s hard not to come across phishing when online. While some fraudulent messages may be obvious, cybercriminals develop different types of phishing attacks to catch us off guard.
Scammers will use every trick in the book to steal personal information, swipe your banking details or install malware onto your device, and all it takes is a simple click on a malicious link or replying to a message.
This guide will explain the most common types of phishing attacks to look out for, along with the best way to avoid all forms of phishing.
6 common types of phishing attacks
Scammers use several phishing methods to steal information. Sometimes, it’s through email, while other times, it’s through phone calls or texts. Threat actors will also target specific individuals, knowing they can grab a bigger prize if the victim is successfully duped.
Here’s a better look at the most common phishing scams to look out for.
What is email phishing?
If you have an email address, you’ll likely have received unwanted phishing emails in your inbox. Phishing emails are the most common form of cybercrime, as scammers can easily send emails to millions of people to see if anyone bites.
These scam emails often involve the attackers using a fake email domain that looks similar to an official brand, dodgy links to fake websites and malicious attachments to download.
For example, the scammers may disguise the email as an official-looking message from Amazon. They will use the same brand imagery, language and common messages the company sends.
Look out for misspellings in the message, the email address and URL. In this case, if the URL doesn’t appear to be “Amazon.com” or “Amazon.co.uk” or country-specific, don’t trust it. Cybercriminals may use names that look like they come from Amazon, but they are often misspelt or include periods (“.”) in random points of the address. If it’s from Amazon, it should simply be “firstname.lastname@example.org.”
What is smishing?
Similar to emails, fraudsters will send fake SMS texts to catch people off guard on their phones. This is known as smishing.
These text messages often include a link to a fake website for customers to enter their login details. However, this allows the hacker to access their accounts instead. Never click on the link if you receive these types of messages.
These text messages often include a link to a fake website for customers to enter their login details. However, this allows the hacker to access their accounts instead. This could be for social media platforms or banks, allowing attackers full access. Never click on the link if you receive these types of messages.
What is vishing?
Instead of using a form of text, vishing is when scammers use telephone calls to trick individuals.
Scam callers will pretend to be from retailers, banks or companies to make them sound official. They will often request a call to action to get private information. For example, they will say that you’ve won a prize but need your personal information, request your banking details due to your account being compromised or ask for private information as part of a survey.
As a rule of thumb, no company will request this information out of the blue over a phone call. Don’t give away any personal details to an unknown caller.
What is spear phishing?
Phishing can often be random, but spear phishing and whaling are emails or messages sent to specific targets.
Spear phishing is the act of targeting an individual the scammer already has information on. They will use information like the target’s name, job title, email address and more to make the victim think it’s a legitimate message.
For example, scammers will email employees a notice about the company, stating their name and information about their job. They will then request a sly way to be sent personal information or banking details.
What is whaling?
Whaling takes this a step further by targeting individuals with senior roles in a company. Attackers will disguise themselves as a senior-level position at a company, like a CEO, and request employees to get something done. This could be a bank transfer or sensitive company information. Scammers take advantage of the hierarchy of positions in a company, with employees often responding to senior-level roles and following instructions.
As with all phishing tactics, always check for suspicious behaviour in emails, text messages and phone calls, and double-check the email address or URL to see if the message comes from an official source.
What is search engine phishing?
When searching for something online, we use a search engine like Google or Safari. We get a list of search results and often choose one of the top links shown. Unfortunately, just because a website is on the first page of search results doesn’t mean these sites are legit.
Cybercriminals use Search Engine Optimization (SEO) to improve the visibility of malicious websites on search engines. This is known as search engine phishing or SEO poisoning, and it can lead to scammers stealing personal information or victims downloading malware just by visiting a fake website.
For example, threat researchers found fake websites impersonating 100 popular brands, including Nike, Timberland, Superdry and more. The threat actors obtained over 6,000 website domains that looked like official brand websites, such as “www.clarkssouthafrica.co.za.” Since these are placed at the top of search engine results, users will be tricked into clicking them.
To make sure you’re visiting a legit brand website, you can check for the brand’s official domain. For example, Nike’s official website is “https://www.nike.com/.” This can be found on the brand’s social media platforms or Wikipedia. Check these if you’re unsure if the website is legit.
It’s important to note that Google also promotes sponsored links at the top of search results. Scammers also use these advertised sites to trick users into clicking on them, so it’s best to skip these links.
Use antivirus software to stop phishing
The best antivirus software will stop phishing in its tracks. Many high-standard AV protection offers near-perfect scores when detecting and protecting against malware, meaning even complex malicious software can’t go unnoticed in messages or emails.
Messages from scammers can contain harmful links or attachments filled with malware, which you never want on your device. The good news is you can let one of the best antivirus software services do all the legwork for you, as they have security and privacy features to protect your accounts.
Services such as Avast One, Bitdefender, Norton 360 and more have protection tools that block malicious email addresses, links and attachments. To make sure scams block malware damaging your device or keep you safe from threat actors hacking your phone through texting and more, set yourself up with an antivirus.
Best antivirus for phishing
1. Norton 360 🥇From $19.99/year
Best overall antivirus of 2023
“Norton” and “antivirus” are synonymous these days, as the well-established cybersecurity brand has successfully fought against malware, viruses and nasty software threats since 1990.
Norton 360 offers excellent antivirus protection and extra features that make for a valuable, all-in-one security product. Its Norton 360 Deluxe and Premium package may cost a pretty penny. Still, with security across multiple platforms, a full-blown VPN, Dark Web Monitoring, Parental Controls and more, it will have a household free of cyber threats.
Norton’s certainty of its antivirus software’s capabilities is clearly defined by the brand’s 100% Virus Protection Promise. If a device protected by Norton 360 can’t get rid of a virus, the user receives their money back. It’s a big claim, but unquestionably, no one should expect to get that refund.
If you have the money for it, you can also check out the premium Norton 360 Platinum package for even more online protection, including from identity theft. Without a doubt one of the best antivirus to get.
Read our full Norton 360 review
2. Bitdefender 🥈 From $19.99/year
Best security features and tools
Bitdefender takes the spot as best antivirus, and for good reason. It’s not enough that it boasts near-perfect lab test scores across the board, as it goes the extra mile by giving users access to a plethora of advanced security features.
Bitdefender goes above and beyond in the features department, all while keeping known malware, ransomware, and viruses at bay. It will defend your device against new attacks, provide security for online transactions, keep you safe with a reliable VPN, and protect your accounts with a password manager.
It’s a no-brainer when it comes to defending your devices against virtually any form of cyberattack, and its top-notch protection extends to its most affordable package, too. Protecting your PC and smartphone, from Windows and macOS to iOS and Android, is becoming even more necessary, and Bitdefender is the tricked-out shield you need.
Read our full Bitdefender review
3. Malwarebytes 🥉 From $44.99/year
Best antivirus for Windows PC
Hundreds of malware emerge every minute, and it’s Malwarebytes’ mission to detect and conquer them all. Does the antivirus do this successfully? Yes, but there’s wiggle room for improvements.
Malwarebytes’ no-nonsense approach to protecting your devices from the onslaught of malware and viruses is effective for those who need a reliable antivirus that will detect and remove malicious software, especially with its free version. However, while its premium service provides 24/7 real-time detection, conveniently blocks vicious ransomware and shields users from malicious websites, it doesn’t go beyond on the feature front.
That’s no bad thing, as sometimes a user only needs a powerful antivirus to keep them safe from cyber threats. But considering its competitors add a few more security tools, such as data breach monitoring and a firewall, there’s room for improvement.
Read our full Malwarebytes review
4. Avast One 🙌 From $39.99/year
Best antivirus for beginners + free plan available!
With Avast One, you can protect your device from viruses, malware and ransomware for free. That’s right, and you don’t have to pay a dime for the extra security features the antivirus throws in, including its VPN, firewall and more.
Avast One will safeguard your device from malware, comes with ransomware protection, blocks harmful websites and downloads from the web, scans your emails for malicious attachments, stops hackers from infiltrating your device through Wi-Fi with a firewall – the list goes on. That’s a lot of tools for software that’s free, and the included VPN and the ability to speed up your PC are a welcome bonus.
It’s the ideal antivirus software for home use, as it takes the hassle out of staying wary of cyber threats lurking around, even if you’re not a tech whizz. What’s more, if you are looking for added precautions, its paid Individual and Family packages still boast great value. Hard to go wrong with this best antivirus.
Read our full Avast One review
5. AVG👍 From 4.99/month
Best antivirus for + free plan available!
You can never go wrong with free antivirus protection, but some deliver even better detection and protection rates, along with extra security features, without costing a dime. This is where AVG antivirus shines.
AVG provides reliable protection and only a small impact on performance for Windows, Mac, iOS and Android. It safeguards your devices against malware, viruses and zero-day exploits, along with blocking malicious links and attachments in emails. Throw in phishing protection when surfing the internet and extra security features such as its SafePrice browser extension and Network Inspector, and you’ve got yourself a do-it-all antivirus.
Sure, you can find all of these perks with Avast, but if you like a slick, darker user interface that’s easy to navigate, then AVG is for you.
Read our full AVG Antivirus review