The 5 phases of a phishing attack

19 October 2016

Phishing attacks have recently become more carefully crafted and even more effective, no longer random mass emails attacks. A phishing email may be a very targeted attack, a spear phishing attack and even whale phishing. These kinds of attacks have made the headlines over the past few years for recent large corporate and government hacks. Follow this infographic to see the phases a cyber criminal would go to when carrying out a phishing attack.

5 phases of a phishing attack infographic

Around 500 million phishing emails are sent every day. Every minute, over 250 computers are hacked globally. These security breaches cost companies of all sectors and sizes $380 billion a year in stolen data and business intelligence. Don’t let your business get caught out by a phishing attack. Be prepared to combat these damaging security threats.

85% of organisations reported being a victim of a phishing attack in 2015

1/3 of all phishing emails get sent out get opened

$1.6m is the average financial cost of a spear phishing attack

The 5 phases of an attack

While most organisations know what phishing is, few realise the phases of an attack and the extreme lengths to which a cyber criminal will go to initiate a phishing attack. Follow these 5 steps to see what a criminal will do to hook your business in a phishing attack.

1. Cyber thieves research using sites where information is open, such as LinkedIn, for gathering information to impersonate a business's information and find which employees to target.

2. The criminals then register a domain name that appears very similar to the actual company domain. For example, (note the r & n used in place of the m in company) to convince the recipient it has come from a trusted or well known source.

3. The chosen recipients receive a fake email that appears authentic, but has dangerous embedded links. These direct you to hoax sites where logins and personal details will be requested or a virus will be installed.

4. The recipient believes the email is authentic, clicking on a dodgy link and engaging with the criminals. The phishing net has now been cast.

5. The cybercriminal is now free to act maliciously by exploiting stolen data or holding your information to ransom.

Antivirus is not enough

There are 450,000 new threats emerging daily.

There are multiple steps a company can take to protect against phishing, and with threats growing as quickly as they are, a single antivirus solution is no longer going to cut it. Keep an eye on current phishing strategies and ensure security policies and solutions can eliminate threats as and when they evolve.

It is equally as important to make sure employees understand the types of attack they might face, the risks involved and how to address them safely. Informed employees and properly secured systems are key when protecting your company from phishing attacks.

Protect your organisation from one of the most deadly threats in the cyber security ocean. For more information on cyber security and how to keep your business safe from an attack, visit our resource library at


Could you catch a phishing attack 100% of the time? Are you sure? Prove it.

Learn More

Related Content