The 9 Types Of Phishing Payloads Used In 2024

Sebastian Salla Published: November 06, 2024

When it comes to phishing, the payload is everything, and by understanding what these payloads are, you'll be equipped to defend yourself against them.

In this blog, we'll outline the nine types of phishing payloads commonly used by cybercriminals in 2024. We'll walk through the different attacker objectives, delivery methods, and techniques you can use to spot each type of phishing payload.

1. Phishing Attachments

Phishing attachments are malicious files that, upon download or execution, perform a malicious action.

Typically, phishing attachments are used to directly compromise the device that a victim is using by gaining code execution capabilities. This means that the attacker can arbitrarily execute their own code on the compromised device and perform a range of malicious actions, such as performing a ransomware attack, stealing intellectual property, and much more.

2. Phishing Website Links

Phishing website links are links embedded within a message which, upon clicking or opening, display a fictitious website designed to capture sensitive information.

Typically, phishing website links are used to compromise credentials, allowing the attacker to then assume the online identity of the victim by accessing the service those credentials work for. Once the victim's account is compromised, the attacker can perform a range of malicious actions. For example, if a victim's email account is compromised, the attacker can initiate password resets for other accounts the victim has access to, allowing them to expand their access and attack other services in turn.


3. Malicious Fund Transfer Requests

Fund transfer requests are requests embedded within messages that are designed to entice victims into transferring monetary funds to the attacker.

Typically, fund transfer requests come in two forms:


Gift-Card Scams

Gift card scams are applicable to all types of individuals. Commonly, attackers will impersonate an executive within a business or a family member the victim trusts. This type of scam will typically rely on the urgency of the request to trick the victim and is used as part of bulk phishing attacks (i.e. the attacks are untargeted and opportunistic).


Fraudulent Invoice Scams

Fraudulent invoice scams are targeted towards individuals in a position of financial authority, most commonly being the finance team in an organization. This type of scam will typically use spoofing or other forms of obfuscation to masquerade as a trusted vendor and trick the victim into paying an invoice.

4. Callback Phishing Numbers

Callback phishing numbers are telephone numbers embedded within a message that, upon calling, draw the victim into a back-and-forth voice conversation with the attacker.

Typically, callback phishing is used as part of highly targeted spearphishing attacks, where the victim is enticed to disclose sensitive information or perform monetary fund transfers. This type of phishing payload is highly popular due to enhancements in AI, which allow attackers to clone the voices of individuals the victim trusts. Callback phishing also bypasses many of the spam protections that telecommunication providers implement to minimize spam calls because the call is inbound to the attacker, not outbound from the attacker.


5. Malicious QR Codes

Malicious QR codes (also commonly referred to as Quishing) are small images embedded within messages. They're designed for machines to read and lead victims to phishing websites.

Typically, QR codes are used instead of traditional phishing links because they obfuscate the phishing website link from being directly viewed by the human victim. The victim must first use a camera to read the QR code. They're then directed to the phishing website, making it difficult for victims to identify whether the QR code is legitimate or malicious.


6. Malicious Information Requests

Information requests are requests embedded within messages that are designed to capture sensitive information.

Typically, information requests are used as part of spearphishing attacks, where the attacker will build trust over time through back-and-forth communication. Once trust is established, the victim will progressively be enticed to disclose more and more information until the attacker's goal is obtained. For example, the disclosure of intellectual property, non-public financial statements, or other forms of sensitive information.


7. Malicious Meeting Invites

Malicious meeting invites are invites embedded within an email that take advantage of the way many email clients automatically insert invites into a victim's calendar.

Without even needing to accept the invite, the meeting will appear in the victim's calendar, with many victims accidentally mistaking the meeting for one of the many meetings they need to attend in any given week. Malicious meeting invites will typically contain information about joining a video conference at the allocated time. Upon joining the video conference, the victim is enticed to disclose sensitive information or perform a monetary fund transfer. This type of phishing attack is growing in popularity due to enhancements in AI, which provide attackers with the ability to create deepfake voice and video of an individual the victim trusts.
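A mail-side check for the invites described above, as an added example that is not part of the original article: it finds `text/calendar` parts carrying a meeting request, unfolds the iCalendar lines, and reports the organizer and join links when the organizer's domain is not on a trusted list. The function name, the trusted-domain list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

def review_invites(raw_email, trusted_domains):
    """Return one finding per calendar REQUEST whose organizer is untrusted."""
    msg = message_from_string(raw_email, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        ics = re.sub(r"\r?\n[ \t]", "", part.get_content())  # undo line folding
        method = re.search(r"^METHOD:(\w+)", ics, re.M)
        org = re.search(r"^ORGANIZER[^:\n]*:mailto:(\S+)", ics, re.M | re.I)
        sender = org.group(1).lower() if org else ""  # no organizer counts as untrusted
        domain = sender.rsplit("@", 1)[-1]
        if method and method.group(1).upper() == "REQUEST" and domain not in trusted_domains:
            findings.append({"organizer": sender,
                             "urls": re.findall(r"https?://[^\s\"<>\\]+", ics)})
    return findings

# Constructed sample message (addresses, hosts and meeting id are made up).
SAMPLE = """\
From: IT Helpdesk <helpdesk@it-support.example.test>
Subject: Mandatory security review
Content-Type: multipart/alternative; boundary=b1

--b1
Content-Type: text/plain

Please join the call.
--b1
Content-Type: text/calendar; method=REQUEST

BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
ORGANIZER;CN=IT Helpdesk:mailto:helpdesk@it-support.example.test
SUMMARY:Mandatory security review
DESCRIPTION:Join at https://meet.example.test/j/12
 3456 with your camera on
END:VEVENT
END:VCALENDAR
--b1--
"""

print(review_invites(SAMPLE, {"example.org"}))
```

The join link in the sample is split across a folded line, which is why the calendar text is unfolded before links are extracted.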


8. Malicious Tracking Pixels

Malicious tracking pixels are transparent 1x1 pixel images embedded within an email that take advantage of the information disclosed by email clients when the image is loaded.

Typically, malicious tracking pixels are used as a means to an end instead of the end goal. By enticing a victim to simply load the image within an email, the attacker can validate that the email is monitored and also obtain the IP Address and User Agent String of the victim's email client. This information can then help the attacker better understand where the victim is located, who their internet service provider is, and the type of device or email client they're using.

For example, if an attacker is doing research on a target organization, they might send emails with malicious tracking pixels to hundreds of email addresses they find online. They don't know if these email addresses are valid until they see the tracking pixel has been loaded. Upon load, they can then determine what type of phishing material might be most effective against the victim based on their geographic location.


9. Misinformation And Psychological Manipulation

Misinformation and psychological manipulation attacks are simple messages that are designed to influence the victim subconsciously.

Typically, misinformation and psychological manipulation attacks are either financially or politically motivated, and they attempt to influence the victim by displaying misinformation. There is no direct action required on the victim's part aside from simply reading the message. The hope from attackers is that if they send enough of these messages and are able to get enough people to read them, they'll sway people to their cause through sheer brute force.

For example, if an attacker wanted to influence a stock, they might try to send 10 million phishing emails utilizing psychological manipulation. If they can get 1 in 1000 to believe their messaging, that's 10,000 people who get swayed to their cause. Manipulation at this scale is a highly effective technique.


Frequently Asked Questions

What's The Most Popular Type Of Phishing Payload?

Phishing website links are by far the most popular type of phishing payload. The reason for this is a mixture of their simplicity to set up and their effectiveness at compromising victims. Attackers don't need to worry about what type of operating system or device is in use; they just need to create a phishing website that works on modern browsers.

What's The Most Dangerous Type Of Phishing Payload?

Phishing attachments are the most dangerous type of phishing payload due to the level of access they give attackers. If an attacker can compromise your device and gain code execution capabilities, they effectively gain all the data and access your device has.

What's The Best Way To Protect Against All Types Of Phishing Payloads?

The best way to protect against all types of phishing payloads is simply to maintain a level of awareness of what each phishing payload is. Attackers, in many cases, rely on victims simply not understanding what they're being presented with. By having a foundational knowledge of what phishing payloads are available, you'll be better equipped than most to spot them.

Written by Sebastian Salla

A Security Professional who loves all things related to Cloud and Email Security.