---
title: "8 Types of Phishing Attacks to Be Wary of | DMARC Report"
description: "Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense."
image: "https://dmarcreport.com/og/blog/8-types-of-phishing-attacks-to-be-wary-of.png"
canonical: "https://dmarcreport.com/blog/8-types-of-phishing-attacks-to-be-wary-of/"
---

Quick Answer

Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense.

Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2F8-types-of-phishing-attacks-to-be-wary-of%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=8%20Types%20of%20Phishing%20Attacks%20to%20Be%20Wary%20of&url=undefined%2Fblog%2F8-types-of-phishing-attacks-to-be-wary-of%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2F8-types-of-phishing-attacks-to-be-wary-of%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2F8-types-of-phishing-attacks-to-be-wary-of%2F&title=8%20Types%20of%20Phishing%20Attacks%20to%20Be%20Wary%20of "Share on Reddit") [ ](mailto:?subject=8%20Types%20of%20Phishing%20Attacks%20to%20Be%20Wary%20of&body=Check out this article: undefined%2Fblog%2F8-types-of-phishing-attacks-to-be-wary-of%2F "Share via Email") 

![8 Types of Phishing Attacks to Be Wary of](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

\*\*Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense. Per the [FBI’s 2022 IC3 Report](https://www.ic3.gov/Media/PDF/AnnualReport/2022%5FIC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year. DMARC with `p=reject` prevents attackers from spoofing your domain in phishing campaigns.

> From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.

## 8 Types of Phishing Attacks

## 1\. **Email Phishing** [Email phishing](https://www.csoonline.com/article/649551/email-phishing-still-the-main-way-in-for-hackers-report.html) is a deceptive practice where attackers send \*\*fraudulent emails to users and potential customers on behalf of companies to trick them into sharing **sensitive information**, [installing malware](https://www.indiatoday.in/technology/news/story/beware-of-this-fake-chrome-update-it-is-installing-malware-that-can-take-over-your-computer-2455535-2023-10-30) through links, transferring money, etc.

An example of email phishing is a fake email appearing to be from a reputable source, like a bank, requesting the recipient to click on a link and provide **login credentials**, leading to a fraudulent website designed to steal the information.

[SPF](https://dmarcreport.com/what-is-spf/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [DMARC](https://dmarcreport.com/) are [email authentication](https://dmarcreport.com/blog/spf-vs-dkim-vs-dmarc-difference-explained-2026/) and \*\*security protocols that organizations can deploy to prevent attackers from exploiting their domain name to send phishing emails.

## 2\. Whaling

In [whaling attacks](https://www.infosecurity-magazine.com/news/ceo-sacked-after-56-million/), bad actors target high-profile individuals or employees like CXOs to fool them into sharing sensitive data and account credentials that are further compromised to gain access to their accounts or intercept information.

![Dmarc check](https://media.mailhop.org/dmarcreport/images/2023/12/dmarc-check-12.jpg) 

Generally, phishers impersonate a company’s CEO and send an \*\*urgent whaling email or text message to an executive or their partner, requesting them to do something at the earliest.

Usually, they email someone from the finance team, giving them an order to make payments or download [malicious software](https://www.xcitium.com/blog/pc-security/what-is-malicious-software/). In these scenarios, the sense of urgency should be perceived as a warning of \*\*cybersecurity threats and [data breaches](https://portswigger.net/daily-swig/prison-service-for-england-and-wales-recorded-more-than-2-000-data-breaches-over-12-months).

## 3\. Smishing and Vishing

[Smishing and vishing](https://www.tessian.com/blog/what-is-smishing-and-vishing/) are types of phishing attacks attempted using [social engineering tactics](https://votiro.com/blog/5-psychological-tricks-hackers-use-to-make-users-download-files/), but they occur through different communication channels. Smishing involves the use of text messages or SMS to manipulate a user into sharing \*\*social media credentials or performing other specific actions.

[Vishing or voice phishing](https://cheapsslsecurity.com/blog/what-is-voice-phishing-vishing-definition-meaning/), on the other hand, is another phishing attack type that is attempted over **voice communication**, usually a phone call. _An example of vishing is an automated voice message pretending to be from a government agency or a financial institution, asking the recipient to call a specified number to verify account details_. These cases further turn into ransomware instances.

## 4\. Spear Phishing

This is one of the smartest phishing techniques , where cyber criminals design threats for specific individuals or organizations. It involves personalized message content and \*\*in-depth research on victims, aiming to trick them into revealing sensitive information or installing malware. These phishing scams are difficult to detect as [hackers exploit personal details](https://www.firstpost.com/tech/news-analysis/us-hit-by-major-cyberattack-hackers-exploit-ibm-steal-over-millions-of-peoples-healthcare-personal-data-12999372.html), making them appear more legitimate.

![What is dmarc](https://media.mailhop.org/dmarcreport/images/2023/12/what-is-dmarc-6470.jpg) 

## 5\. Search Engine Phishing or SEO Poisoning

In search engine phishing attempts, an attacker builds a [fake website with attractive products](https://www.bbc.com/news/business-66580724). These products are then shown in **online ads**, luring victims to enter sensitive information to make the purchase. Later, hackers misuse these details.

One such phishing attack took place in the name of Booking.com, a popular hotel booking platform. In this, **ads pop-ups**, notifications, and phishing messages were [sent to targets](https://www.todayonline.com/singapore/explainer-how-hotel-booking-scams-happen-guard-2279236) to redirect them to a cloned website. As of October 2023, customers have lost at least S$441,000 to this phishing scam.

## 6\. HTTPS phishing

These types of phishing attacks and threats include a deceptive URL with the “https://” prefix to trick them into entering **sensitive information**. The mimicked content makes the website appear genuine, generally belonging to a bank, business, or government organization. Cybercriminals may use similar-looking URLs or employ tactics like [homograph attacks](https://www.malwarebytes.com/blog/news/2017/10/out-of-character-homograph-attacks-explained), using visually similar characters to mimic legitimate domain names.

## 7\. Pharming

Pharming is a type of phishing email attack where hackers send [malicious codes](https://snyk.io/learn/malicious-code/) or malware to targeted recipients in an attempt to steal their credentials and data. It’s a \*\*two-step process that begins when an attacker installs malicious code on the victim’s devices or server. The malicious code \*\*takes the victim to a fraudulent website that requests them to enter personal data or login credentials or use their online services.

## 8\. Evil Twin Phishing

An evil twin phishing attack occurs when cyber criminals establish a **deceptive Wi-Fi access point**, aiming for users/ victims to connect to it rather than a genuine one. Upon connecting, all the data shared with the network is routed through a server controlled by the attacker. _This malicious counterpart can be generated using a smartphone or other internet-capable devices along with easily accessible malware_. Evil twin attacks are prevalent on unsecured public Wi-Fi networks, posing a threat to personal [data security](https://www.fortinet.com/resources/cyberglossary/data-security#:~:text=Data%20Security%20Meaning%20and%20Definition,%2C%20theft%2C%20or%20unauthorized%20access.).

## Final Words

Focusing on security awareness training, being wary of suspicious attachments, identifying and fixing vulnerabilities, and **protecting your domains and devices** (computers, smartphones, modems, etc.) are some ways to safeguard yourself from [phishing campaigns](https://securityaffairs.com/155756/hacking/oauth-applications-abuse-attacks.html).

## Topics

[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/) 

![Vasile Diaconu](https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg) 

[ Vasile Diaconu ](/authors/vasile-diaconu/) 

Operations Lead

Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.

[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Foundational 8m  10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective  Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[  Foundational 12m  10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast  Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[  Foundational 12m  10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection  Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[  Foundational 12m  10 Reasons SPF Filtering Is Critical For Email Security  Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"8 Types of Phishing Attacks to Be Wary of","description":"Phishing remains the #1 initial access vector for cyberattacks, and email authentication (SPF + DKIM + DMARC) is the primary technical defense.","url":"https://dmarcreport.com/blog/8-types-of-phishing-attacks-to-be-wary-of/","datePublished":"2023-12-16T10:50:24.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2023-12-16T10:50:24.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/8-types-of-phishing-attacks-to-be-wary-of/"},"articleSection":"foundational","keywords":"dkim, DMARC, email security, SPF","wordCount":942,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"8 Types of Phishing Attacks to Be Wary of","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"8 Types of Phishing Attacks to Be Wary of","item":"https://dmarcreport.com/blog/8-types-of-phishing-attacks-to-be-wary-of/"}]}
```