Phishing is still one of the biggest cybersecurity threats in the world.

In fact, according to research by cybersecurity firm Barracuda, phishing has become so rampant that the number of coronavirus-related phishing attacks increased by 667 percent from January to March this year. What’s even more alarming is that according to an Intel study, up to 97 percent of people cannot identify a phishing email.

To avoid becoming a victim, you need to know the different ways phishers could try to attack you. Here are eight different types of phishing attempts you might encounter.

1. Email Phishing

This is the typical phishing email that is designed to mimic a legitimate company. It’s the least sophisticated type of attack using the "spray and pray" method.

They won’t target a specific person and often just send out generic emails to millions of users hoping that some unsuspecting victims will click the link, download the file, or follow the instructions in the email.

They often aren’t as personalized so they use general salutations like "Dear account holder" or "Dear valued member". They also often use panic or fear with words like ‘URGENT’ to drive users to click the link.

Related: What To Do After Falling for a Phishing Attack

2. Spear Phishing

spear phishing targets

This is a more sophisticated and advanced type of phishing that targets a specific group or even specific individuals. It is often used by high-profile hackers to infiltrate organizations.

Scammers perform extensive research about people, their background, or the people they routinely interact with so they can craft a more personal message. And because its more personal users don’t often suspect that something’s amiss.

Always check the email address and format of the letter against what you’d normally receive from that contact. It’s also best to call the sender and verify everything before downloading a file attachment or clicking links even if it seems like it's from someone you know.

Related: What You Need To Know About Swatting

3. Whaling

This is another sophisticated and advanced type of phishing, only this one targets one specific group of people---high-profile business executives like managers or CEOs.

They would sometimes address the target directly in the salutation and the message could be in the form of a subpoena, a legal complaint, or something that requires urgent action to avoid bankruptcy, getting fired, or legal fees.

Attackers would spend a lot of time doing extensive research about the person and crafting a specialized message to target key people in an organization who would normally have access to funds or sensitive information.

The target will be sent links to a convincing login page where access codes or login information will be harvested by hackers. Some cybercriminals would also ask victims to download an attachment to supposedly view the rest of the subpoena or letter. These attachments come with malware that can gain access to the computer.

4. Vishing

vishing or voice phishing target

Vishing or voice phishing is a type of phishing but instead of sending an email, attackers will try to get login information or banking details over the phone.

Attackers will impersonate staff from an organization or support personnel from a service company then play on emotions to ask victims to hand over bank or credit card details.

The message could sometimes be about an overdue amount like taxes, contest winnings, or be from a fake tech support personnel requesting remote access to a computer. They might also use a pre-recorded message and phone number spoofing, making an overseas call seem as if it is local. This is done to lend credibility to the attack and make victims believe that the call is legitimate.

Experts advise people never to give out sensitive information like login details, social security numbers, or bank and credit card details over the phone. Hang up and call your bank or service provider immediately instead.

Related: Don't Be Fooled by These Advanced Phishing Techniques

5. Smishing

Smishing is any form of phishing that involves the use of text or SMS messages. Phishers will try to lure you into clicking a link sent via text that will lead you to a fake site. You will be told to type in sensitive information like your credit card details. Hackers will then harvest this information from the site.

They would sometimes tell you that you've won a prize or that if you don't type in your information you will continue to be charged per hour for a particular service. As a general rule, you should avoid replying to texts from numbers you don't recognize. Also, avoid clicking links you get from text messages especially if you do not know the source.

6. Angler Phishing

This relatively new phishing tactic uses social media to lure people into sharing sensitive information. Scammers monitor people who post about banking and other services on social media. They then pretend to be a customer service representative from that company.

Say you post a rant about a delayed deposit or some bad bank service and the post includes the name of your bank. A cybercriminal will use this information to pretend that they are from the bank and then reach out to you.

Related: 7 Quick Sites That Let You Check If a Link Is Safe

You will then be asked to click on a link so you can talk to a customer service representative and then they will ask you for information to ‘verify your identity’.

When you receive a message like this, it’s always best to contact customer service through safe channels like the official Twitter or Instagram pages. These would normally have a verified account sign.

7. CEO Fraud Phishing

This one is almost like whaling. It targets CEOs and managers but it gets even more insidious since the goal is not just to get information from the CEO, but to impersonate him or her. The attacker, pretending to be the CEO or similar will then email colleagues requesting money through bank transfer or asking to send confidential information immediately.

The attack is normally aimed at someone within the company who’s authorized to make bank transfers, like budget holders, people from the finance department, or those privy to sensitive information. The message is often meant to sound very urgent, so the victim won’t have time to think.

8. Search Engine Phishing

search engine phishing uses SEO techniques

This is one of the newest types of phishing attacks that uses legitimate search engines. Phishers will create a bogus website offering deals, free items and discounts on products, and even fake job offers. They will then use SEO (search engine optimization) techniques to have their sites indexed by legitimate sites.

So when you search for something, the search engine will show you results that include these fake sites. You will then be duped into logging in or providing sensitive information that is then harvested by cybercriminals.

Some of these phishers are becoming adept at using advanced techniques to manipulate search engines to drive traffic to their websites.

Stay Informed and Be Vigilant

Knowing the names for each type isn’t really as important as understanding each attack’s MO, mode, and channel. You don’t have to confuse yourself with what they’re all called, but it is important to know how their messages are crafted and which channels attackers use to get to you.

It’s also important to always remain vigilant, and know that there are so many people out there who are out to trick you into giving out your details. Understand that your company may become the target of an attack and criminals are looking for a way into your organization.

Knowing such threats exist is the first step towards preventing your computer from becoming an attacker’s entry point. It's also very important to double-check the source of the message before you take action.

You need to also understand that attackers sometimes use people’s fear and panic to get users to do what they want. So when faced with a threat it is important to calm down so you can think. And when it comes to spotting promo and freebie scams, the old adage still applies: if something sounds too good to be true, it probably is.