Seven different types of phishing payload

by Egress
Published on 1st Nov 2022

Phishing has long been one of the most frequently reported types of cybercrime, with hundreds of thousands of cases in 2021 alone. The danger of these emails come from the payload contained within. These payloads come in different forms and it's important to understand what you need to look out for. These attacks broadly fall into two categories – malware and links. Here are the most prevalent types to watch out for.


Malware (short for malicious software) is any intrusive software that cyber criminals use to damage computer systems and steal data. Here are five different kinds to be aware of:

1. Ransomware

Ransomware is a type of software that a criminal can use to hold your files hostage. Once on a computer or other device, the threat actor can demand ransom by encrypting the system and demanding money in exchange for the decryption key – it's usually almost impossible to decrypt the file or system any other way. This type of malware is most commonly spread through spam email campaigns using legitimate-looking links.

2. Macro attacks

This type of attack can be found hiding within Microsoft Office files. An attacker will deliver the payload within a ZIP file or other email attachment, using safe-sounding file names to convince people to open them. These names tend to indicate extremely mundane things that many of us look at every day, like receipts or other resources. 

3. HTML attacks

HTML attacks consist of injecting malicious HTML code into web pages. This enables cybercriminals to trick a user into entering personal information for them to steal. This type of attack is also called HTML injection or cross-site scripting (XSS). 

4. Spyware

One of the most common cybersecurity threats on the landscape is spyware. It's a type of malware that infiltrates a user's computer without their knowledge or consent. Once the software is there, it can observe and steal sensitive data – including bank and credit card details. Unlike other types of malware, spyware can actually be installed for non-malicious reasons, but the fact that it's been installed without permission means it can still be dangerous if abused. 

5. Worms

Computer worms are so dangerous because they clone themselves and spread from computer to computer. Plus, they can multiply without human interaction. If an unsuspecting user clicks a malicious attachment or link, the worm will download automatically, install itself, and then begin infecting any other computers on the network. 


Many of us are guilty of clicking links without giving them much thought. But you're at risk from a variety of phishing scams if you don't pay proper attention. Here are some of ways cybercriminals use malicious link payloads:

6. Credential scraping links

Many of us rely on our browsers to remember passwords for us. Unfortunately, this sensitive information is stored in our computers, and credential scraping allows cybercriminals to steal information straight from the browser. Clicking this type of link payload invites threat actors into your devices and allows full access to any website or app with a stored password.

7. Copycat links

This type of attack is particularly sophisticated and rose in popularity during the pandemic due to the various official support schemes offered worldwide. The payload in the email could lead to lookalike or copycat websites usually pose as governmental departments offering something for a premium cost. They typically look official even though they are not attached to an official site, and paying for the fake service is of no benefit to the victim (which they find out the hard way).

What about payloadless phishing emails?

Not every phishing email contains a payload. Some are payloadless, and attackers rely on text-based social engineering to achieve their goals. Learn how a payloadless phishing email works here.