What are phishing emails?
How to spot and stop phishing emails
Have you heard the term phishing emails and wondered what it means? This article will explain how to spot phishing emails, what a phishing attack is, and how to stop a phishing email.
So what are phishing emails, and what does phishing mean? Phishing is a method of gathering personal information through emails, websites, or telephone (also called vishing). Phishing is an analogy of an angler throwing a baited hook into the ocean to catch fish. In regards to phishing emails, the attacker sends a baited email hoping that the recipient will bite.
Phishing emails are precisely the same, but in this case, attackers specifically use email to phish for personal information.
Phishing emails are one of the most common cyberworld attacks. The attacks are increasingly becoming more sophisticated, meaning that more and more people are falling for these types of phishing emails.
How to spot a phishing email?
Phishing emails are typically easy to spot. The first thing you should do is check the sender. Who sent you the email? Click on the sender’s email to see the full email address and determine whether it seems accurate or not.
A phishing email aims to gather information from the recipient by tricking the recipient into believing that the email is sent from a legitimate sender. The attacker or hacker sending the phishing emails makes the recipient think they need to take action as stated in the email and subsequently leave personal financial information.
A typical phishing attempt would be an email presented as being sent from a bank or a high-level person at the company the recipient is working at, such as the CEO. The attacker masquerading as an important, trustworthy person who has a plausible reason for getting in touch with you is how phishing scams start.
A Phishing example
Perhaps the most well-known phishing attack example occurred in 2016 when Russian hackers managed to get Hillary Clinton’s campaign chair John Podesta to give away the password to his personal Gmail account.
How the phishing scam worked is really interesting. The hackers sent a phishing email to John warning him that his password had been compromised, that someone had his password and that he should change it immediately. The hackers included a link in the email that took him to a fake login page.
Email phishing attackers are sharpening their methods and techniques. As in the example above, we would hope that we could spot a phishing scam, but sometimes they get the better of us.
Phishing attack examples – spot the phishing scam just like this
When you receive an email, ensure that you’re reading the email carefully before replying or opening a link. Some of the tell-tale signs are there; you just need to study the email to spot them.
- Your account has been hacked
This sentence is typically used in phishing scams. The hacker has probably found your email on your company website and decided to take advantage of it. You might get worried thinking about how hackers knew about your business email; this is a clever play by the hacker. However, you can still spot that it’s a phishing email by noticing the email’s actual content.
The hacker will usually continue explaining how they hacked your account, and you’ll see how they don’t understand how malware works and that it’s all made up.
Secondly, when you see an email of this kind where the sender is threatening you, think to yourself if it’s really accurate or just a phishing email.
- Password reset
Another ploy hackers use to implement their phishing scams is sending emails warning that you need to reset your password for your ADP service to receive your paycheck.
ADP stands for automatic data processing – the most prominent provider for human resources services. This phishing attack can be successful as we all want to receive our paychecks and accommodate the ADP service.
This is a ploy to make you hand over your password and other personal information, which the hacker can then use to breach an account.
- Payment request
Some types of phishing emails provide savvy receipts, making it hard not to trust the email’s content. A phishing attack that requires payment requests can be something along the lines: you’ve forgotten to pay an invoice, and you need to pay the amount today to avoid the cancellation of your account.
To notice these types of email phishing scams, you need to be aware of the company’s process (that the hackers are claiming to be from) and look for irregularities. We recommend that you contact the company by telephone and ask about the accuracy of the email.
- Charity donation
In the case of charity donations, the hackers try to take advantage of the recipient’s greed and naivety. However, as a general rule, keep in mind if it’s too good to be true, it probably is.
The email content is usually about a wealthy person who is nearing the end of their life and wants to give away all their money in constellations to different people.
Some other things to be aware of when receiving an email and that you should consider as a red flag immediately:
- Legitimate companies never ask for your personal information over email
- Legitimate companies have their own domain email
- Legitimate companies don’t have grammar mistakes in their spelling
- Legitimate companies don’t send an attachment over email unsolicited
The difference between spam and phishing?
You might wonder about the difference between spam and phishing emails. Spam emails are sent by the thousands in the hope of luring people into buying questionable products and participate in problematic schemes. Schemes with subject lines such as lottery, you’ve won a car, claim your car, bank loan etc.
Read more about spam emails in this article, where we’ve explained what you should do if you receive a spam email.
As mentioned above, phishing emails are fraudulent communications and activities that seem as though it’s coming from a trustworthy source. The main goal of phishing emails is to extract personal information.
There is also spear phishing. Spear phishing means that attackers and hacker aim at one specific individual to attack, typically a high-profile individual.
Stay safe out there!