What is a Phishing Email?\u00a0<\/b><\/p>\n
A phishing email<\/a> is a cyber attack that relies on deception to steal confidential information from users and organizations. Phishing victims are tricked into disclosing information that should be kept private. When a phishing email arrives, recipients have no reason to doubt the request. They believe that the party requesting the information \u2013 often posing as a familiar platform, a trusted vendor, colleague, or boss \u2013 is who they say they are. With the best intentions, phishing email victims respond without a second thought.\u00a0<\/span><\/p>\n In phishing emails, cybercriminals often ask for the following information:\u00a0<\/span><\/p>\n Cybercriminals then use this information to impersonate you and apply for credit cards or loans, open bank accounts, and commit other fraudulent acts.\u00a0<\/span><\/p>\n Mismatched Email Addresses<\/b>: The displayed name might look legitimate, but the actual email address may be a jumbled mix of characters or slightly altered from the official domain.<\/span><\/p>\n Suspicious Links:<\/b> Hover over any links without clicking on them. This will display the link’s destination URL. If it looks suspicious or doesn’t match the purported sender’s website, it’s likely a phishing attempt.<\/span><\/p>\n Poor Grammar and Spelling:<\/b> While not always a definite sign, many phishing emails contain misspellings, poor grammar, or awkward phrasing.<\/span><\/p>\n Generic Greetings: <\/b>Phishing emails often use generic greetings like “Dear customer” instead of your actual name.<\/span><\/p>\n Request for Personal Information:<\/b> Legitimate companies will never request sensitive information, like passwords or social security numbers, via email.<\/span><\/p>\n Unsolicited Attachments:<\/b> Be wary of unexpected attachments. They might contain malware.<\/span><\/p>\n Urgent or Threatening Language:<\/b> Phishers often use urgency to their advantage. Phrases like “urgent action required” or “your account will be suspended” can be signs of a phishing attempt.<\/span><\/p>\n Requests for Money: <\/b>Any unexpected request for money, especially via wire transfer or an untraceable method, should be an immediate red flag.<\/span><\/p>\n Too Good To Be True:<\/b> Offers that seem too good to be true often are. Be skeptical of any email offering rewards, cash, or gifts out of the blue.<\/span><\/p>\n Mismatched URLs:<\/b> If the email claims to be from a known organization but the URL is different from the organization’s known URL, it’s a red flag.<\/span><\/p>\n Unusual Sender<\/b>: If you receive an email from someone you haven\u2019t communicated with before or don’t expect to hear from, be cautious.<\/span><\/p>\n Altered Logo or Branding:<\/b> Look for slightly altered logos or off-brand coloring. The phishers might recreate logos, but sometimes small inconsistencies can give them away.<\/span><\/p>\n No Contact Information:<\/b> Legitimate businesses will have their contact information available. If it’s missing, that’s suspicious.<\/span><\/p>\n Check the Signature<\/b>: Generic signatures like “Support Team” or “Customer Service” without specific contact details can be a sign of a phishing email.<\/span><\/p>\n Deceptive Phishing<\/b>: This is the most common type. Attackers impersonate a legitimate company to steal personal information or login credentials. They often use threats to create a sense of urgency, like “Your account will be closed if you don’t respond.”<\/span><\/p>\n Spear Phishing:<\/b> Targeted at specific individuals or companies. Attackers often gather detailed information about their victims to make the scam more believable.<\/span><\/p>\n CEO Fraud \/ Business Email Compromise (BEC):<\/b> A type of spear phishing where attackers pretend to be a high-ranking executive or company CEO. They’ll typically request an urgent wire transfer or sensitive information.<\/span><\/p>\n Pharming:<\/b> Even though this isn’t strictly an email-based attack, it’s closely related. In pharming attacks, cybercriminals redirect users from a legitimate site to a fake one. The transition is often seamless, and users might not notice they’ve been redirected.<\/span><\/p>\n Whaling: <\/b>This is a more targeted version of spear phishing where high-profile individuals like C-level executives, politicians, or celebrities are the primary targets.<\/span><\/p>\n Vishing: <\/b>While this is mainly phone-based, it’s worth mentioning because phishing emails can request the victim to call a particular number. The goal is to extract personal information during the call.<\/span><\/p>\n Dropbox Phishing: <\/b>Attackers send notifications from popular cloud storage providers like Dropbox, urging users to click on a link. Once they do, they’ll be asked to enter their login credentials.<\/span><\/p>\n Google Doc Phishing: <\/b>This attack became famous in 2017 when a malicious actor sent a deceptive invite to access a Google Doc. When clicked, it led users to a page that asked for their Google login details.<\/span> Highlighted below are typical phishing email scenarios:<\/span><\/p>\n Account Verification Alert:<\/strong> An email mimics PayPal, alerting the receiver about potential account breaches. The recipient is urged to validate their credit card on a fraudulent PayPal site, where the data is captured for illegal activities.<\/span><\/p>\n Image Source URL<\/em><\/a><\/p>\n Credit Card Security Alert:<\/strong> Post a recent Apple purchase, an email, masquerading as Apple’s support, warns about possible credit card breaches and asks for card validation.<\/span><\/p>\n Urgent Funds Transfer:<\/strong> An email, seemingly from the company’s traveling CEO, requests an emergency funds transfer to a foreign associate. The receiver, believing in aiding the company, promptly acts on it.<\/span><\/p>\n Social Media Link:<\/strong> A friend request on Facebook from a seemingly mutual friend leads to a message containing a malicious video link that, once clicked, deploys malware.<\/span><\/p>\n Google Docs Authentication Alert:<\/strong> An email prompts the user to verify their Google Docs login on a counterfeit page. The email might be from a deceptive address like <\/span>accountupdate@google.org.com<\/span><\/a>.<\/span><\/p>\n\n
How to recognize a phishing email<\/b><\/h3>\n
![\"7-Signs-of-Phishing-Email\"](\"https:\/\/www.empowerelearning.com\/blog\/wp-content\/uploads\/2022\/05\/7-Signs-of-Phishing-Email.jpg\")
<\/p>\n8 Types of Email Phishing<\/b><\/h3>\n
![\"8-points-of-Phishing-Email.\"](\"https:\/\/www.empowerelearning.com\/blog\/wp-content\/uploads\/2022\/05\/8-points-of-Phishing-Email.jpg\")
<\/p>\n
\n<\/span><\/p>\nExamples of Phishing Emails in Everyday Scenarios<\/b><\/h3>\n
![\"Phishing\"](\"https:\/\/www.empowerelearning.com\/blog\/wp-content\/uploads\/2022\/05\/paypal-phishing-1.png\")
<\/p>\n
![\"Google](\"https:\/\/www.empowerelearning.com\/blog\/wp-content\/uploads\/2022\/05\/scenario-2.jpg\")
![\"](\"https:\/\/www.empowerelearning.com\/blog\/wp-content\/uploads\/2022\/05\/Phishing-Awareness-Training-1.jpg\")
<\/a><\/p>\n