Phishing is an online method where hackers impersonate legitimate businesses or reputable people to steal personal information such as usernames, passwords, or banking details. If you have an online footprint, you are likely to be targeted for phishing attacks. Let us go through five common phishing attacks to help protect yourself:

Email phishing

Email phishing is possibly the most common type of phishing. Hackers impersonate organisations or reputable identities to send out bulk emails soliciting action from potential victims.

Ways to identify phishing emails

  • Check if the address on the webpage matches that of the company requesting your information.
  • Most phishing emails will have a sense of urgency informing clients that their information is compromised - or they won and they need to send details.

Spear phishing

This attack is also via email. It is personalised to appear legitimate. It will include details such as a name, surname, work number or job function.

Ways to identify spear phishing

  • Unusual requests from your organisation's department heads.
  • Password-protected documents that require you to log in.


Also known as CEO fraud, this type of attack is like spear phishing but targets senior executives. The hackers will impersonate a senior executive of a company to solicit what they need.

Ways to identify whaling

  • If this is the first time you have received a direct request from a senior executive, then it is safe to inquire further.
  • If the request is sent to your personal email address.


SMiShing refers to the use of SMSes or text messages to carry out phishing attacks. Similarly, to email phishing, the attacker will entice the user to click a link or respond with personal information. If you click on a link, you will likely install malware on your device.

Ways to identify Smishing

  • A text message, offering you a chance to win and prompting a response from you.
  • Store vouchers, which include a link for you to click on to redeem them.


Same as SMiShing, but instead of text messages, the vehicle with this type of attack is a voice call. The call can occur over a landline, cellular network, or VoIP (Voice Over Internet Protocol).

Ways of identifying Vishing

  • The caller will act as your banker or even a SARS consultant to solicit personal information like credit card details.
  • The number is unknown to you or blocked.

Top tips:

Phishing comes in many other forms, which is why you should always be on the lookout.

  • When in doubt, triple check all the details.
  • Trust your instincts.

If something does not feel right, investigate it. Contact and probe the company in question. Drop a comment on the comment section or our social media pages.

In case you've missed it. Here's more information to help protect yourself against Phishing.


Article by
Modiegi N

Meet the Team