Spear Phishing
Targeted messages crafted using personal details to trick a specific person or team.
Example: An email referencing a recent project and asking for login details.
Understand what phishing is and learn to recognize the various types of
phishing attacks used to trick users online.
Phishing involves an attacker trying to trick someone into providing sensitive account or other login information online.
All the different types of phishing are designed to take advantage of the fact that so many people do business over the internet.
This makes phishing one of the most prevalent cybersecurity threats around, rivaling distributed denial-of-service (DDoS) attacks,
data breaches, and many kinds of malware.
Knowing the different types of phishing attacks can equip you to protect your organization from each.
Voice-based phishing where attackers call and impersonate organisations to extract information.
Example: A caller posing as IT support asking for your password to "fix an issue".
Generic fraudulent emails pretending to be from trusted organisations asking you to click a link or provide credentials.
Example: An email claiming your bank account is suspended with a link to “reactivate”.
Attackers use HTTPS to look safe. Always verify the domain and certificate and do not trust the padlock alone.
Example: A link to https://secure-bank-login.example-login.com shows a padlock but is not the real bank domain, and the page asks for your password.
Redirecting users from legitimate websites to fake ones (often via DNS or compromised routers) to steal data.
Example: Typing a bank URL but being forwarded to a convincing fake login page.
Fake browser pop-ups warn of “viruses” or urgent updates to trick you into downloading malware or calling fake support.
Example: A popup says “Your PC is infected, download this tool now” and provides a malicious installer.
Attackers create a fake Wi‑Fi hotspot with a familiar name so victims connect and have their traffic intercepted or credentials captured.
Example: A Wi‑Fi network named “Cafe_Free_WiFi” asks for an email and password to “connect” and steals the entered info.
Attackers compromise sites frequented by a target group, then use those trusted sites to distribute phishing or malware.
Example: A popular industry forum is injected with malicious JavaScript that steals credentials.
High-value spear phishing that targets executives or other important people in an organisation.
Example: A fake invoice email sent to a CFO requesting an urgent transfer.
A real email or page is copied and modified to include malicious links or attachments, making it appear authentic.
Example: A resend of a previous invoice email with the payment link replaced by a malicious URL.
Generic scam emails impersonate trusted organisations to create fear or urgency, tricking recipients into revealing credentials.
Example: An email styled like a bank alert says “Your account is locked, verify now” linking to a fake login page.
Attackers manipulate emotions (fear, urgency, helpfulness) to trick people into revealing secrets or taking unsafe actions.
Example: A colleague’s chat message urgently requests a shared folder password so “they can finish a report.”
Scams that occur on social media or customer support channels, impersonating official help accounts.
Example: A fake support tweet directing users to submit account details via a link.
Phishing delivered by SMS/text messages. It often includes urgent links or codes.
Example: A text claiming a parcel is waiting and asking you to click a tracking link.
An attacker intercepts communication to steal credentials or alter messages without your knowledge.
Example: On public Wi‑Fi, a fake login page captures your email and password while appearing to be the real site.
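The "verify the domain, not the padlock" advice from the HTTPS phishing entry above, as an added example (not code from the original page). It covers the domain half of that advice only; the trusted domain bank.example, the function name check_link and all sample links except the one quoted from the page are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains the organisation really uses (placeholder value).
TRUSTED_DOMAINS = {"bank.example"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reasons); verdict is 'trusted' or 'suspicious'."""
    parts = urlsplit(url)
    # Normalise: drop a trailing dot, compare case-insensitively.
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if parts.username is not None:
        # Text before '@' is not the host, even if it looks like one.
        reasons.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    # The host must BE a trusted domain or end with '.<trusted domain>'.
    # A trusted name appearing elsewhere in the host does not count.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append(f"host '{host}' is not on a trusted domain")
    return ("trusted" if not reasons else "suspicious", reasons)


# Constructed sample links; the second is the example quoted on this page.
SAMPLES = [
    "https://www.bank.example/login",
    "https://secure-bank-login.example-login.com",
    "https://bank.example.account-verify.test/login",
    "https://bank.example@login.test/",
    "http://www.bank.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, reasons = check_link(url)
        print(f"{verdict:10} {url}  {'; '.join(reasons)}")
```

Every sample except the first is flagged, including the HTTPS links: the scheme says the connection is encrypted, not who is on the other end.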