What is Email Phishing? A Basic Overview

What is Phishing?

Phishing is a very pesky cyber attack method that started in the mid-90s. It is a type of online scam where attackers rely on impersonation to trick unsuspecting victims into providing sensitive personal information, installing malware onto their device through bad links, or worse - relinquishing your company's vital information.

There are many variations of phishing, but for the sake of this article we'll focus primarily on Email phishing.

How does Email Phishing work?

It's pretty simple, really. The basic premise is that an attacker sends an email pretending to be a trusted company and invites you to click on a link. That link will go to a phony look-alike page of the company where any information provided will go directly to the attacker - such as usernames, passwords, account numbers, etc. Once the victim has entered this information, the attacker can do with it what he pleases. Let's take a look at an example email:


Source


How to Spot a Phishing Attempt

In the above email example, you may notice a few red flags

  1. The "generic greeting" doesn't use your full name. More often than not, trusted companies will send a personalized greeting.
  2. The sender is Maddie R from [email protected]. This should be the biggest red flag because the emails should come from @fedex.com (or something similar).
  3. The "Order" and "Order Date" doesn't really add up. Some critical thinking on your behalf will help you realize that FedEx doesn't know what you ordered or when. They're a third party. Red flag!

What is The Goal of Phishing?

The reasons for phishing vary widely. Some entities are motivated for financial gain, while others have used these tactics to embarrass celebrities. You may remember in 2014, where someone used a phishing technique to trick celebrities into providing their iCloud credentials. Thus, leading to a large-scale dump of private photos from many famous celebrities including Kate Upton, Jennifer Lawrence, and Emma Watson.

Below is a list of Phishing Statistics that we thought were interesting from 2019:

Top Five Types of Data That Is Compromised

  1. Credentials (pin numbers, passwords, login information)
  2. Personal Information (address, full name, phone number)
  3. Internal Data (employee information, company secrets)
  4. Medical (insurance information, treatments)
  5. Bank (credit card numbers, account numbers)

Symantec's Top 5 Subject Lines for Phishing Emails

  1. Urgent
  2. Request
  3. Important
  4. Payment
  5. Attention

Top 10 Most Impersonated Brands

  1. Apple
  2. Netflix
  3. Yahoo
  4. Whatsapp
  5. PayPal
  6. Chase
  7. Facebook
  8. Microsoft
  9. eBay
  10. Amazon

Gateway Selector

Select your combination of protocols.
Protocol 1
Protocol 2

Contact Us

Contact us via phone (+1 866-383-1657) or leave a detailed message below for sales, support, or any other needs

*Required Field
*Required Field
I'd like to receive the newsletter. *Check email for confirmation.
*Required Field
8:00am - 12:00pm 12:00pm - 5:00pm