What methods can cyber criminals use to carry out phishing attacks?
16th June 2025
91% of phishing attempts are made via email,* but what other methods can cyber criminals use to infiltrate your systems?
Phishing attacks continue to be one of the greatest cyber security threats in 2025. Each day, bad actors attempt to manipulate users out of their account details to gain access to private information, with tools like AI helping to make the attacks more complex and harder to spot.
This being the case, it is important to be aware of all the ways that phishing can be attempted, so you know what to look out for. Take a look at our guide and next time you receive communication through any of these methods, think twice before you click:
Email-Based Phishing: the most popular method for phishing, emails used to try and pry important details out of you are extremely common. Within email phishing there are multiple types of attack to be aware of:
· Deceptive phishing – fake emails that appear to be legitimate (a recreation of a bank’s email style, for example).
· Spear phishing – emails that are targeted towards certain companies or individuals, tailored to be more personal and harder to determine as unauthentic.
· Whaling – phishing attempts at high-profile targets (executives or government employees).
· Business Email Compromise (BEC) – pretending to be at a high level in a company to trick lower-level employees into transferring money.
· Clone phishing: a legitimate email is copied, with malicious links installed over it.
Mobile Phishing: these are phishing attempts sent to your phone, which include Smishing (using urgent SMS messages to panic users into clicking malicious links), Vishing (voice phishing over the phone, pretending to be from a legitimate organisation) and Voicemail phishing (fake voicemail alerts with links to malicious websites included.
Web-Based Phishing: criminals can utilise websites to trick users into handing over their logins and passwords. Fake websites, designed to look like real ones, can steal victims’ credentials; Man-in-the-Middle (MitM) attacks intercept the information between users and websites to get the details and Ad-Based phishing uses malicious adverts to redirect users to phishing sites.
Additional Phishing: this includes things like QR Code phishing (never scan a QR code you don’t know out in public and always check to make sure another QR code hasn’t be plastered over a legitimate one to trick you), Image-Based phishing, phishing using Deepfakes or other technical exploits.
As our list explains, phishing attempts can come from almost anywhere. The best way to counteract them is to be constantly vigilant, aware of the signs of a phishing attack and to have a robust cyber security system supporting you so that you have the best chance of staying ahead of bad actors.
If you’d like to know about one of these attack methods in more detail, contact Interfuture Security.