We use cookies on this website to provide a user experience that’s more tailored to you. By continuing to use the website, you are giving your consent to receive cookies on this site. Read more about our Cookie Policy and Privacy Policy.

I accept

Home > Resources Center > Blog


What is Phishing? Attack Types & Anti-phishing Tools for Business

Information Security

What is Phishing? Attack Types & Anti-phishing Tools for Business

Phishing has long been identified as an online scam that lures victims into giving out credentials via fraudulent emails, messages or websites. Still, 97% of people failed to spot a phishing attack at the first glance. As scammers are getting more targeted and sophisticated, even the most cautious might fall prey to phishing attacks, not to mention businesses with weak preventive, detective and responsive measures.

Phishing Attacks have Skyrocketed during COVID-19

Apparently, the accelerating pace of digital transformation has emboldened cybercriminals to ramp up the frequency of phishing attacks. The number of phishing attacks has also increased during the peak of the global pandemic.

In addition, the rise of Internet-connected devices has generated cybercrimes given that the incentive to commit phishing attacks is higher than ever.

Phishing often disguises itself as a legitimate message from a trusted brand such as banks or large corporations so as to trick victims into giving out sensitive information or making payments. Scammers might even create an official website for their fake profiles to enhance persuasiveness. With its “real-enough” feature, phishing has always been one of the most common cyberattacks, in which the targets are mainly businesses, small to medium-sized to be specific.

Anatomy of Phishing Attacks

(1) Get Victims to Pay Attention

As people nowadays are more aware of the dangers posed by unknown parties, hackers have to mimic authentic organizations by using similar email domains, greetings, tones and manners, typefaces, logos, signatures and more.

To make the messages more catchy, phishing emails often create a sense of urgency in the subject lines, popular phrases include “Limited Offer”, “Hurry”, “Urgent” and “Help”.

(2) Convince Victims to Take Action

After grabbing targets’ attention, the next step is to get them to take action.

Given that the ultimate goal is to trick victims into opening malicious links or downloading infected attachments, the majority of phishing emails are stuffed with words that suggest immediacy. To lure the targets into a false sense of security, hackers might also increase the trust cues by capitalizing on several well-known events, for example:

    • Account Suspension
    • Suspicious Activity Detected
    • Unsafe Passwords
    • Rush Order
    • COVID-19 Exposure Notification

(3) Activate Malicious Code to Steal Credentials

Normally speaking, if you haven’t clicked or downloaded anything, the phishing messages remain harmless. However, if you have committed any of the following actions, the malicious commands are very likely to be triggered and executed under your watch:

    • Click on any unknown links
    • Download any malicious files or email attachments
    • Hand over any of your sensitive information

Sometimes, the hackers try to get away from the organization’s Email Security Gateway (SEG) by obfuscating the URL or attachments. For example, they might host documents on Dropbox, Google and Docusign to avoid being flagged, or use URL shorteners such as bit.ly and ow.ly to hide the destination.

5 Types of Phishing Attacks Explained

(1) Email Phishing

Email phishing is originated in the 1990s. Ever since, it has been the most commonly used phishing attack.

As its name goes, email phishing refers to the phishing attacks via email. Apart from an enormous amount of misspellings and grammatical mistakes, you might also pay attention to the email domains. Most fake domains involve character substitution, for example, replacing “l” with the capital letter “I”, using “rn” instead of “m”.

(2) Spear Phishing

Instead of sending out ambiguous messages in the form of fishing expeditions, spear phishing requires in-depth research and planning since it targets a specific individual, organization or business.

In the case of spear phishing, hackers can precisely include the receivers’ personal information, including but not limited to names, job titles, places of employment and even details of their co-workers. Since these deceptive messages are highly personalized, it is very possible for one to drop the guard down against cyberattacks.

(3) Whaling

People occasionally mix up whaling and spear phishing as both of them target particular individuals. What differentiates them is that whaling plays on employees’ submissiveness - phishing messages are sent on behalf of someone who is specifically senior or influential within the organizations, for example, the CEO, CFO and managers.

One classic example is the scammer pretending to be the receiver’s boss asking about purchasing gift cards or transferring funds.

(4) Vishing

Vishing, or voice phishing, refers to a verbal scam that attempts to obtain a target's sensitive information over a forged phone call or voice message.

Vishing can be seen as a follow-up call to previous text-based phishing. Callers will masquerade themselves as the experts or authorities in their expertise, for example, computer technicians, bankers or police officers. With the use of persuasive and forceful language, the scammers are able to make victims believe they have no other option but to provide the information as requested.

(5) Smishing

Similar to email phishing, smishing tricks users into sending private information via text messages, but mostly in a form of SMS.

As SMS marketing is gaining popularity, so does smishing. In February 2022, there was a massive SMS phishing targeting users of one of the cryptocurrency platforms. The SMS warned receivers about an unauthorized withdrawal alert, and at the bottom of the text, there was a link to cancel withdrawals. If users click on the link, he or she will be redirected to a fake website designed to harvest their login credentials.

3 Reasons Why Phishing Should Never be Ignored

(1)    Businesses of all sizes can be a victim

In today’s digital world, phishing attacks have left their mark across almost all industries worldwide. Businesses of all types can be victims of phishing, including Banking & Finance, Retail, Manufacturing and Healthcare industry.

(2)   Impacts of phishing are everlasting

A successful phishing attack can be destructive and unrepairable, including but not limited to:



● User downtime

● Remediation Time

● Data Breach

● Compromised Accounts

● Malware & Ransomware Infections

● Response & Repair Costs

●  Reputation Damage

●  Revenue Loss

●  Compliance Fines

●  Legal Fees

●  Loss of Customers

●  Loss of Brand Trust

(3)   Phishing attacks are harder to identify

The presentation of phishing is constantly changing. While some online scams remain easy to detect, many of them are getting more sophisticated and targeted than ever.

This evolving nature has made it immensely difficult for users to distinguish a phishing attack from a genuine message with naked eyes. It is of utmost importance for businesses to review the threat detection system regularly so as to prevent employees from clicking on distorted links and actually landing on the malicious websites.

Secure your Business with CITIC Telecom CPC

TrustCSI™ Managed Security Services (MSS)

To truly protect your organization and reduce risk, CITIC Telecom CPC offers TrustCSI™ Managed Security Service (MSS) to safeguard enterprises’ cybersecurity against malicious cyberattacks, especially phishing, malware and data breaches.

Our team of security experts are 100% certified with international security accreditations such as CISA, CISSP and CompTIA Security+. Complementing multiple Security Operations Centers (SOCs) with high availability and disaster recovery functionality, we provide comprehensive and robust managed security services with 24 x 7 monitoring which help you strengthen your cybersecurity measures and processes, analyze vulnerabilities and prioritize cyber threats.

TrustCSI™ Secure AI

TrustCSI™ Secure AI is highly recommended for detecting insider threats and other real-time anomalies such as zero-day attacks.

Empowered by behavioral analytics technology and advanced machine learning algorithms, any abnormalities posed by third parties can be probabilistically assessed in real-time, once a severe vulnerability is detected, security alerts will be sent to customers almost instantly, which is conducive to identifying and stopping even the most advanced cyberattacks.

TrustCSI™ Endpoint Detection & Response (EDR)

Tailored to the growing volume and complexity of cyberattacks, TrustCSI™ Endpoint Detection & Response (EDR) is a full-scope endpoint security solution specifically designed for modern businesses.

Leveraging the world-class virus detection and reconstruction technologies, our service is capable of uncovering and blocking incidents of all types promptly, examples include ransomware, malware and file-less attacks. Additionally, our dedicated security experts will offer seamless monitoring and managed services to nip endpoint security attacks in the bud, diminishing costly remediation process and breach impacts.

CITIC Telecom CPC is devoted to strengthening cybersecurity posture against cybercrimes, enabling enterprises to better detect, defend against, and recover from phishing attacks. Please feel free to contact our professional security team to explore more about our anti-phishing solutions and reduce potential cyber threats to your most vital business systems.

Contact Us
Company Name:
Contact Name:
Contact Phone Number:



Please slide to verify

Products & Services
Europe Solutions Networking Information Security Cloud Solutions Cloud Data Center Internet Services Managed Services
Architecture, Engineering & Construction Automobile BFSI Logistics & Transportation Manufacturing Legal & Accounting Services Retail Healthcare
Technology & Services
Consulting Services Customer Services
Resources Center
Product Leaflets New Offering Videos White Paper Success Stories Blog
About Us
Our Company Global Ecosystem Partners News Center Accreditation & Awards Careers
Contact Us

General Enquiry:
+372 622 33 99
Sales Hotline:
+372 622 33 60

Service Hotline +372 622 33 90

Contact Us

Follow Us

Copyright © 中信國際電訊(信息技術)有限公司 CITIC Telecom International CPC Limited

Thank you for your enquiry.

We will contact you shortly.
Need help? Chat with CPC Chatbot
Supported browsers: Latest versions of IE11, Firefox, Chrome and Safari.
Terms & Conditions
Welcome to CITIC Telecom International CPC Limited. Your conversation with CPC Chatbot may be recorded for training, quality control and dispute handling purposes. By clicking “Continue” and using CPC Chatbot, you accept and agree to be bound by our Privacy Policy and give your consent to receive cookies on this site. Read more about our Cookie Policy and Privacy Policy.