Types of phishing techniques that cybercriminals use to target you

Phishing is a technique used to obtain personal information from people, usually for financial gain or other criminal activities.  Years ago, malicious activity such as viruses and hacking were more often motivated by testing hacking ability or creating anarchy in some fashion, making a name for one’s self. Most recently, it has become a profitable business.

Hopefully, you have the time to read this blog and find it informative – but there is a lot to take in. So, here is the TL;DR:

Unless you are expecting the content you have received, in the context that you have received it, from the contact you received it from – it is probably malicious. Its okay to trust, but you must verify.

GET YOUR FREE GUIDE HERE - Five ways to stay safe online

Like most iterations of viruses, exploitation of software vulnerabilities and other malware, these cybercriminals and organisations are always working on new ways to achieve their goals. As such, there is a lot of different techniques and methods that we commonly see.

Spear Phishing

A very targeted method of attack that is often researched and personalised by the cybercriminal to appear as genuine content and trick the person. The most common method that we have seen of this style of attack is an impersonation of a CEO/CFO sending an email to the accounts person requesting an urgent bank transfer. 

Email & Spam

The most common form yet is still so successful due to the ability to automate the delivery of malicious content to so many individuals with relative ease. Often content is from an official source such as Australia Post, the Australian Federal Police or utility companies suggesting that you have a package, a fine or an outstanding account.


Often can be fed through from emails appearing to be an official source. Another method is a web-based man in the middle type of attack that occurs between the original, genuine site and the phishing website. Often they will collect information as the user continues to fill it in, or will prompt you to log in – continually failing your attempts to obtain a number of your passwords.

Deceptive Website Links

Often when you receive an email, it may have a link to a website.  The text of the link can be configured differently to the actual link that opens when you click on it – sending you to an unexpected site.


When you visit a website, it will often load content from a lot of different sources. This could be harmless (but annoying) advertisements, or other additional content (think embedded YouTube videos). These sites can sometimes be inadvertently be impacted by dodgy advertising running scripts, or even vulnerabilities from Adobe PDF or Flash embedded content.


Less frequent due to the complexity of getting it onto a machine, keyloggers will merely log every keystroke that you make on the keyboard, and send the information back to a central store. So if you got to log in to your email, it could track the web URL, the username and password being entered.


Trojans horse malware will allow unauthorised access to your machine or user account to collect more details before being transmitted to the cybercriminals. Often the malware is delivered through a series of misleading actions or other malware.

Phishing via Search Engines

Website rankings are designed to try and weed out these sites, but it is possible to structure a website so that it climbs search engine rankings to mislead users. It could be slightly different website links that have pages that look very similar. The most common ones will be targeting popular search terms for maximum impact.


This one has become increasingly popular in recent times, with recent examples of Telstra calling and saying they will cut off internet connections and asking people to verify their identity. Microsoft technical support is another common one. A rather amusing revenge video against a vishing scam on YouTube from “Nicole Mayhem” is a good watch


SMS based phishing, often containing a link that we often innocently click on which launches on our mobile phones. Malware is designed to then infiltrate vulnerabilities on mobile devices for various reasons. 


Ransomware can be delivered by a number of the previously mentioned techniques and encrypts all your personal and network data to demand a monetary sum to decrypt your data. These attacks are becoming more sophisticated, some even being manually run by hackers with backups being paused or deleted prior.

There are plenty more different methods and techniques, but these are some of the common ones. 

Preparing Organisations For Australia’s Data Breach Law

GET YOUR FREE GUIDE HERE - Five ways to stay safe online


At Evolve IT, we understand the unique challenges of organisations and have helped a range of business improve their cybersecuirty.


Posted by Matt Sutherland

Subscribe to our blog