Email Phishing Attacks: How to Spot Them and Stop Them Before It’s Too Late

📘 Chapter 2: Types of Email Phishing Attacks

🔍 Introduction

In Chapter 1, we introduced the concept of email phishing and why it's one of the most dangerous cyber threats today. In this chapter, we’ll explore the different types of phishing attacks in detail — how they work, who they target, and how to recognize them.

Phishing is not a one-size-fits-all attack. Cybercriminals tailor their strategies based on their goals, their targets, and even the time of year (e.g., tax season scams). Understanding these variants is essential for developing smarter defenses and training users effectively.

📌 Why Attackers Use Different Phishing Methods

🧠 Core Categories of Email Phishing

There are 7 primary types of phishing attacks that you’ll encounter. Each poses a unique threat vector and requires a different response strategy.

1. 🎯 Spear Phishing

Targeted phishing attack aimed at a specific individual, often a professional or executive.

🔑 Characteristics:

• Personalized with name, role, company data
• Appears to come from a known contact
• Often references real business matters

📌 Example:

“Hi Sarah, here’s the Q2 budget doc you requested. Please review by EOD.”

🧠 Attacker Goal:

• Gain access to internal systems
• Steal confidential data or credentials

2. 🐋 Whaling

A subset of spear phishing that targets high-level executives or decision-makers like CEOs, CFOs, and directors.

🔑 Characteristics:

• Polished tone, business formal language
• Appears urgent and critical
• May request wire transfers or confidential information

📌 Example:

“Please authorize the attached vendor payment of $75,000 before 4 PM.”

💰 Impact:

• Often leads to Business Email Compromise (BEC) scams
• High financial and reputational risk

3. 🧱 Clone Phishing

Attackers create a replica of a legitimate email and resend it with a malicious twist.

🔑 Characteristics:

• Same content as a previously received real email
• New version has a malicious attachment or altered link
• Often appears to be a “resend” or “updated version”

📌 Example:

“Resending the invoice with updated details — please use this copy instead.”

4. 💀 Malware-Based Phishing

Delivers malicious attachments or links that download trojans, keyloggers, or ransomware.

🔑 Characteristics:

• May appear as invoices, resumes, delivery notifications
• File extensions like .exe, .docm, .zip, .scr, or even .pdf
• Often bypasses filters with compressed or obfuscated files

📌 Example:

“See the attached resume. Candidate is available for interview tomorrow.”

5. 🧪 Credential Harvesting

Emails with links that lead to fake login pages resembling Office365, Google, Dropbox, etc.

🔑 Characteristics:

• Link redirects to spoofed web form
• Often asks to “re-login” or “verify credentials”
• May look exactly like your real login page

📌 Example:

“You have a secure file waiting. Login with your Microsoft account to access.”

🎯 Goal:

• Capture usernames, passwords, and MFA tokens

6. 👨‍💼 Business Email Compromise (BEC)

Attackers hijack or spoof business email accounts to conduct fraudulent transactions or gain access.

🔑 Characteristics:

• May come from a real email address if the account is compromised
• Requests wire transfers, changes in payment methods, or sensitive data
• Can bypass spam filters due to real domains

📌 Example:

“We’ve changed our bank details for all future invoices. Please update accordingly.”

7. 📦 Brand Impersonation Phishing

Uses trusted brand names (Amazon, PayPal, Microsoft, etc.) to trick users into clicking links or entering information.

🔑 Characteristics:

• High-quality design mimicking real emails
• Includes logos, official-sounding tone, and clickable buttons
• Often redirects to phishing sites

📌 Example:

“Your Amazon account has been suspended. Click here to verify your identity.”

📊 Comparison Table: Email Phishing Types

🧠 How Attackers Choose Their Methods

🧰 Tools & Techniques Used in Phishing Campaigns

• Email spoofing tools to fake sender addresses
• Phishing kits for auto-generating fake login pages
• URL shorteners to hide true destinations
• AI/LLMs to write convincing email content
• Recon via LinkedIn or social media for personalization

🧠 Case Study: Real Phishing Attack Breakdown

Attack: Whaling attempt on a US-based CFO
Subject Line: "Urgent: Payment Authorization Required Today"
Spoofed Email: ceo@companyexecutive.com
Content: Requested immediate $25,000 transfer to a new vendor
Detection Clue: Slight domain typo (executive was misspelled)
Outcome: Flagged by finance team, reported to IT — attack failed

🔐 Summary

Understanding the varieties of phishing attacks is essential in today’s cyber threat landscape. Attackers continuously refine their tactics, often blending methods (e.g., using malware with spear phishing). By recognizing the intent, structure, and execution of these emails, users and organizations can respond faster and reduce risk.

In the next chapter, we’ll explore how to identify phishing emails in the wild, even when they’re disguised to perfection.