Reminder: Phishing is still the method of compromise most widely used. 91% of cyberattacks use phishing emails. With ransomware, the number is about 70%.
Phishing is really sophisticated sometimes. You may get phishing emails that look exactly like the real thing and the sites they lead to can have images and layouts stolen from the mimicked website.
Spearphishing is a targeted attack against certain individuals at an organization. Whaling is directed at big names at an org, typically a CEO or CFO–or someone with purchasing power since money transfers are the goal.
Smishing uses SMS (text) messages to get you to click and vishing uses phone calls or voice messages to get a target to do something the threat actor wants.
Don’t click. Don’t open attachments. Don’t even respond.