What Is Phishing?

6 min

Phishing is the most common type of cyber attack. It’s when attackers use electronic communication to trick victims into sharing sensitive information, usually on fake websites.

Phishing is widespread, it works, and it’s costly. In 2017, the FBI estimated that phishing attacks cost American businesses nearly $500 million a year.

Don’t take the bait. Learn about the different types of phishing attacks to avoid getting duped.

Phishing attempts are usually carried out via email. You can think of basic phishing as a spam email containing something malicious that goes out to many people en masse. It’s as if the attacker were fishing with a huge net, not targeting any particular fish (or victim).

Spear phishing is a phishing attempt directed at specific people or companies. Attackers gather information about their targets, then craft convincing messages, purportedly from trusted sources, that are designed to infect the targets’ devices or networks. Hackers used spear phishing tactics to target Sony Pictures in 2014.

Clone phishing is when attackers create nearly identical versions of legitimate emails from the past. These emails typically contain attachments, which are replaced with malicious versions. The messages are then re-sent, claiming to contain updates to the original attachments.

Whaling is the term used for phishing attacks specifically directed at corporate executives. Whaling messages are meant to look like urgent business issues, such as complaints or subpoenas.

No matter your role at your organization, you may be targeted by phishing attempts, so be on the lookout. If you receive any suspicious messages, notify your IT team.

Time for a quiz.

Rita is an assistant store manager at a department store. The head store manager appears to have just re-sent her an email with updated floor assignments in an attachment. Rita is suspicious of the message. What kind of phishing attempt could it be?

Quiz 1 of 1

What kind of phishing attempt might the email be?

Spear phishing
Clone phishing
Marketing phishing

The correct answer is B.

The email allegedly re-sent from Rita’s head store manager could be an instance of clone phishing. This is when attackers send reproductions of old emails with malicious attachments, meant to infect targets’ devices and steal their information.

Rita should review the sender email address to see if it's really from her manager. She could also check with her manager in person before opening the attachment.


If you receive any “urgent” emails asking you to take prompt action, review them carefully. They could be phishing attempts.

Lesson complete

Like what you see?

Try us for free! Check out our library of 2000+ Microlearning® lessons and try creating your own lesson.

Sign me up