1. Phishing
Phishing is a cyberattack where attackers send fake emails or messages pretending to be from trusted organizations (like banks or companies) to trick people into revealing sensitive information such as passwords, credit card numbers, or login details.
2. Spear Phishing
Spear phishing is a more targeted form of phishing. The attacker customizes the message for a specific person or organization, often using personal information, making the message seem more legitimate and harder to detect.
3. Whaling
Whaling is a type of spear phishing that targets high-level individuals such as CEOs, executives, or senior managers. The goal is usually to steal large amounts of money or sensitive corporate information.
4. Smishing
Smishing is phishing conducted through SMS or text messages. Attackers send fake texts that often include urgent messages or malicious links to trick users into clicking or sharing personal information.
5. Vishing
Vishing (voice phishing) uses phone calls or voice messages. Attackers impersonate trusted authorities like bank officials or government agencies to pressure victims into sharing confidential information.
6. Social Engineering
Social engineering is a broader term that refers to manipulating people psychologically to gain unauthorized access to information, systems, or resources. Phishing, spear phishing, whaling, smishing, and vishing are all types of social engineering attacks.
✅ Real-Life Examples
1. Phishing
You receive an email saying “Your bank account will be locked. Click here to verify your details.”
The link leads to a fake website that steals your login information.
2. Spear Phishing
An employee gets an email that appears to be from their manager, mentioning their name and department, asking them to urgently share a document or password.
3. Whaling
A company CEO receives an email that looks like it’s from the legal department asking for immediate approval of a large wire transfer.
4. Smishing
You get a text message saying “Your package delivery failed. Click this link to reschedule.”
The link installs malware or steals personal information.
5. Vishing
Someone calls pretending to be from your bank, claiming suspicious activity on your account and asking for your OTP or PIN.
6. Social Engineering
An attacker pretends to be an IT support person and convinces an employee to reveal their login credentials to “fix” a system issue.
📊 Comparison Table
| Attack Type | Method Used | Target Audience | Example |
|---|---|---|---|
| Phishing | Email / Online | General public | Fake bank email |
| Spear Phishing | Personalized email | Specific individual/group | Email using personal info |
| Whaling | Targeted email | Executives / CEOs | Fake legal request |
| Smishing | SMS/Text message | Mobile users | Fake delivery text |
| Vishing | Phone calls | Anyone | Fake bank call |
| Social Engineering | Any communication | Anyone | Fake IT support |

Key Tips to Stay Safe
- Never click unknown links
- Verify sender details
- Do not share passwords, PINs, or OTPs
- When in doubt, contact the organization directly
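
The "verify sender details" and "never click unknown links" tips can be partly automated on the receiving side. The following Python example is added here and is not part of the original page; it checks a constructed sample message (all addresses and domains are made-up reserved names) for a Reply-To domain that differs from the sender and for links whose visible text names a different host than the real target.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message, not a real email; domains use reserved TLDs.
SAMPLE = """\
From: "Example Bank Support" <alerts@example-bank.test>
Reply-To: helpdesk@mail-example.invalid
Subject: Your bank account will be locked
Content-Type: text/html

<p>Click here to verify your details:
<a href="http://login.example.invalid/verify">https://www.example-bank.test/login</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def host_of(text):
    """Return the hostname if text looks like a URL, else ''."""
    text = text.strip()
    if "://" not in text:
        return ""
    return (urlparse(text).hostname or "").lower()

def check_message(raw):
    """Return a list of warning strings for sender and link mismatches."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    for href, label in LINK_RE.findall(msg.get_payload()):
        shown, real = host_of(label), host_of(href)
        if shown and real and shown != real:
            findings.append(f"link shows {shown} but goes to {real}")
        if urlparse(href).scheme == "http":
            findings.append(f"link to {real} is not HTTPS")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARN:", finding)
```

A clean result from checks like these does not make a message trustworthy; contacting the organization directly remains the deciding step.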
