How Does A Phishing Email Work

How Big Is The Phishing Issue

The Anti-Phishing Working Group states that reported unique phishing campaigns have increased from 173,000 in 2005 to over 1 million in 2018, so it really is a widespread, growing issue.

In mid-2019 the found that 22% of businesses experienced a data breach due to an email-based attack in a three month period.

Earlier in 2019 the BBC also reported on a phishing scam affecting a fee-paying school in Newcastle, and insurer Ecclesiastical found in their Cyber risk and education research that 50% of the schools that had experienced a cyber-attack listed phishing as the attack type.

Avoid Clicking On Unknown Shortened Links

Shortened links do not show a website’s real name, which makes users more likely to click on them. Hackers can easily trick you into clicking on shortened links that redirect to fake lookalike sites and capture sensitive information. Always place your cursor on the link to see the target location before clicking on it.

Watch Out For Obviously Suspicious Emails

Most of us have at some point or another seen random emails about lottery wins, free downloads of software or other digital products, pending collections of expensive items, urgent deadlines, donations to charities and so on. These typically originate from completely random, unknown sources and are too good to be true. In general, apply extra scrutiny to emails that offer unrealistic rewards or threats, or that use abnormal language.

But of course, even with the most precautionary approach to prevent phishing, it is still possible to fall victim to a sophisticated phishing attack. To further strengthen email security, users should consider installing additional phishing protection software that is purpose-built to sniff out phishing attacks. These include

Common Features Of Phishing Emails

  • Too Good To Be True – Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Just don’t click on any suspicious emails. Remember that if it seems too good to be true, it probably is!
  • Sense of Urgency – A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time. Some of them will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it’s best to just ignore them. Sometimes, they will tell you that your account will be suspended unless you update your personal details immediately. Most reliable organizations give ample time before they terminate an account and they never ask patrons to update personal details over the Internet. When in doubt, visit the source directly rather than clicking a link in an email.
  • Hyperlinks – A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for instance – the ‘m’ is actually an ‘r’ and an ‘n’, so look carefully.
    Email From Unfamiliar Sender

    When receiving an email, there are several details you can go over to determine if you might have been targeted for a phishing attack. First, take a look at the sender’s email details. The phishing attack could be from an email address you’ve never seen before and which doesn’t seem legitimate. Fortunately, if you have doubts, there are forums and online resources which can help you determine if the source is reliable or not. Simply copy the sender’s email address and search for it with a keyword such as “phishing attempt”, “hacking” or “scam”. If other people have flagged the address, you will likely see that the email is indeed from a cyber-criminal. There are issues with this technique, however, since phishers are very aware of the forums and change their email addresses often and easily. They can also use these help forums as a way to support their own scam, by giving themselves good reviews and claiming the email offer was indeed legitimate.

    Don’t Worry And Carry On

    Phishing emails are annoyingly frequent. Fortunately, your spam or junk filters catch them most of the time, and you never see them. Sometimes, they don’t even get that far because your provider stops them. To defeat the few that do get through, just be careful and don’t click any links or attachments unless you’re sure they’re safe.

    Millions of phishing emails are sent every day, so don’t worry: you’re not usually a target. Just follow the simple steps we covered above, and then carry on with your day.

    Common Phishing Subject Lines

    The subject on an email determines if a user will open the message. In a phishing attack, a subject line will play on user fears and a sense of urgency.

    It’s common for attackers to use messages involving problems with accounts, shipments, bank details, and financial transactions. Shipping messages are common during the holidays, because most people are expecting a delivery. If a user does not notice that the domain in the sender address is not legitimate, the user could be tricked into clicking the link and divulging sensitive data.

    Email Containing Link To A Shared File

    This takes the form of an email, apparently from Dropbox, that asks you to view a file that another user shared. Clicking on this link redirects to a fake site that simply collects your Dropbox account credentials. The hacker could then transfer malware to your online account which, when downloaded to a local hard drive, could significantly compromise personal information from local files, downloads and browsing history.

    Common Scams That Prey On College Students

    College students may be vulnerable to online scams and predatory behavior. Many students may be living on their own and managing their money for the first time. They may not be familiar with the warning signs of fraud, which can lead to all kinds of unfortunate outcomes, including identity theft and scam purchases. If you or someone you know is getting ready to go to college, use this guide to help protect yourself from common scams that target college students.

    What Are The Different Types Of Phishing Attacks

    Phishing attacks are social engineering attacks, and they can have a great range of targets depending on the attacker. They could be generic scam emails looking for anyone with a PayPal account.

    Phishing can also be a targeted attack focused on a specific individual. The attacker often tailors an email to speak directly to you, and includes information only an acquaintance would know. An attacker usually gets this information after gaining access to your personal data. If the email is this type, it is very difficult for even the most cautious of recipients not to become a victim. PhishMe Research determined that ransomware accounts for over 97% of all phishing emails.

    How Phishing Attacks Work

    Phishing attacks can vary immensely and take on many different forms. However, cyber criminals are usually attempting to get users to do one of two things.

  • Hand over sensitive information. Attackers try to dupe a victim into handing over sensitive information or credentials through filling out a form, changing their password, or typing in other financial or corporate information on a spoof website or portal. It’s also possible for attackers to monitor keyboard strokes and steal data that way.
  • Attackers try to get you to open an attachment, download a PDF, or click on a malicious link. Then, the victim’s computer is infected with malware. Ransomware is the most common form of malware and has been on the rise since 2013.
  • A hacker’s ultimate goal is to obtain the most sensitive and lucrative data on your personal device or company network.

    Why Socially Engineered Phishing Emails Are So Effective

    It’s actually quite scary how much you can find out about an individual on the Internet without having to hack databases or trick somebody into divulging confidential information. Hackers can quickly accumulate personal information from social media sites, professional profiles and other online publications in order to identify the triggers that people respond to.

    It would not be too difficult to find details of an employee’s children, the school they attend, and an event happening at the school, in order to send the parent an email inviting them to click on a link or open an attachment about their child’s participation in the event. With the advent of Machine Learning and Artificial Intelligence, phishers will be able to collate this information much more quickly in the future.

    Review The Email’s Salutation

    When reviewing an email for a possible phishing scheme, also take a closer look at how the sender of the email addresses you. Is it sent to “Dear Customer,” “My Dear,” “Dearest” or one of numerous other odd-sounding salutations?

    A legitimate business that you have had dealings with before will likely use a personalized salutation, such as “Dear Jeff,” “Mr. Lebowski” or simply “Jeff Lebowski” instead of a generic “Customer” greeting.

    Phishers count on you not being aware that a major company you’ve dealt with will have your information on file and will be able to access that for such a simple thing as an email greeting. It’s called mail merge, and it’s great.

    What Is A Phishing Virus

    A phishing virus is a form of malware that is installed on a user’s computer as part of a phishing attack. Phishing is a type of cybercrime where attackers pose as a trusted or legitimate business to dupe an individual into sharing information such as bank account numbers, credit card details, login credentials and other sensitive data, and/or to download a phishing virus onto the user’s computer.

    Report It To Your Company

    If you receive a phishing email at your work address, you should follow your company’s policy rather than doing anything else. Your IT security policies might require you to forward a phishing email to a specific address, fill out an online report, log a ticket, or merely delete it.

    If you’re not sure what your company’s policy is, ask your IT security team. We recommend you find this out before you get a phishing email, if possible. It’s better to prepare and be ready.

    How Does A Phishing Attack Work: Understanding The Working Of A Phishing Attack

    Everything you need to know about phishing attacks to start your set-up of impenetrable protection


    Phishing is one of the most popular and dangerous cybercrimes: attackers steal victims’ personal or financial information through this method and use it illegally.

    Through phishing, cybercriminals can get access to sensitive and confidential information of an individual or an organization. They can also attack computers by injecting a malicious virus or try to compromise the database security of an enterprise. Hence, it is imperative to familiarize yourself with the working of such adversaries to prevent phishing. It is nearly impossible to protect ourselves entirely from a determined and sophisticated attacker. But we can follow certain safeguards to prepare ourselves to be able to face any threat.

    What Should You Do If You’ve Determined Your Device Has Been Compromised

    If you suspect your device has been compromised after clicking on a phishing link, the first thing you should do is disconnect your device from the internet and all other networks. This will prevent malware from spreading to synchronized devices.

    Then, immediately contact your company’s IT department and run a virus scan, deleting any malware detected. Try to quickly reset any passwords that may be compromised and await further guidance from your organization’s IT support.

    After you have taken those immediate actions, it’s good practice to also close the email and mark it as spam or junk. This helps train your company’s phishing detection software to catch it next time.

    You may also want to watch for communications from friends, family or colleagues about strange emails they may have received from you. Remember, the hacker might have access to your contact list!

    Common Phishing Attack Methods

    As mentioned above, most phishing scams begin with an email made to look like it was sent from a legitimate source, but the attack and infiltration methods can differ from there. Some of these phishing techniques can be as simple as tricking someone into clicking on a link to enter sensitive information or as complicated as running an executable file that spoofs a legitimate process that secretly gains access to your computer and network to run malicious software in the background.

    Phishing scams will commonly utilize multiple methods of deception within a single attack. Typically these scams use link manipulation and website forgery in conjunction to make their scam as convincing as possible. When you receive a phishing email, one of the first things you’ll see is a seemingly legitimate URL to a known and trusted website like Facebook, Amazon, YouTube, etc. with a message baiting you to click on the link. These messages will prompt users to enter sensitive information by claiming there is an issue with their account or order that needs to be resolved, and this is where website forgery comes into play.
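
The hover check recommended earlier and the link manipulation described above can be applied automatically to a message's HTML body: compare each link's visible text with its real destination, and flag shorteners and near-miss spellings of known brands. The following Python is an added example, not code from the original article; the shortener and trusted-domain lists, the sample body and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed lists and a constructed sample body, for illustration only.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
TRUSTED = {"amazon.com", "facebook.com", "youtube.com"}
SAMPLE = """<a href="https://www.arnazon.com/signin">Review your order</a>
<a href="https://bit.ly/EXAMPLE">www.facebook.com</a>
<a href="https://www.youtube.com/watch">youtube.com</a>"""

def host_of(text):  # lowercase host of a lone URL or bare domain, else ""
    text = text.strip()
    if len(text.split()) != 1 or "." not in text:
        return ""
    host = (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def skeleton(host):  # fold two lookalike tricks: 'rn' for 'm', '0'/'1' for 'o'/'l'
    return host.replace("rn", "m").translate(str.maketrans("01", "ol"))

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (href, [reasons]) per link; an empty list means no flag."""
    collector, report = LinkCollector(), []
    collector.feed(html)
    for text, href in collector.links:
        target, shown, reasons = host_of(href), host_of(text), []
        base = ".".join(target.split(".")[-2:])  # naive: ignores suffixes like co.uk
        if target in SHORTENERS:
            reasons.append("shortener hides destination")
        if shown and target != shown and not target.endswith("." + shown):
            reasons.append("text shows " + shown)
        if base not in TRUSTED and skeleton(base) in {skeleton(t) for t in TRUSTED}:
            reasons.append("lookalike domain")
        report.append((href, reasons))
    return report
```

Calling `audit(SAMPLE)` flags the first two constructed links and leaves the third with an empty reason list. An empty list means only that these three checks found nothing; it does not show that a link is safe.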

    An Unfamiliar Tone Or Greeting

    The first thing that usually arouses suspicion when reading a phishing message is that the language isn’t quite right; for example, a colleague is suddenly overfamiliar, or a family member is a little more formal. For instance, if I personally were to receive an email from Cofense’s CTO that began with “Dear Scott,” that would immediately raise a red flag. In all of our correspondence over the years, he has never begun an email with that greeting, so it would feel wrong. If a message seems strange, it’s worth looking for other indicators that this could be a phishing email.

    Don’t Panic And Don’t Click Any Links

    When you get a suspected phishing email, don’t panic. Modern email clients, like Outlook, Gmail, and Apple Mail, do a great job of filtering out emails that contain malicious code or attachments. Just because a phishing email lands in your inbox, it doesn’t mean your computer is infected with a virus or malware.

    It’s perfectly safe to open an email. Mail clients haven’t allowed code to run when you open an email for a decade or more.

    Phishing emails are a genuine security risk, though. You should never click a link in an email or open an attachment to one unless you are 100 percent confident you know and trust the sender. You should also never reply to the sender, even to tell them not to send you any further mail.

    Phishers might send emails to thousands of addresses every day, and if you reply to one of their messages, it confirms your email address is live. This makes you even more of a target. Once the phisher knows you’re reading his emails, he’ll send more attempts and hope one of them works.

    So to be clear: Don’t click any links, don’t open any attachments, and don’t reply.

    If a suspicious email appears to be from someone you know or a company you use, check with them to see if the message is legitimate. Do not reply to the email. If it appears to be from someone you know, create a new email message, or text or call the person and ask if they sent you the mail. Don’t forward the email, as that just spreads the potential phishing attack.
