What is a phishing email?
A phishing email is an attempt to obtain sensitive and personal information from the email’s recipients, such as passwords and credit card details, or to deceive them into sending money to a fake bank account under false pretences.
This is how it happens: You receive an email from what appears to be a familiar or trustworthy source like a known organisation in your area or a colleague asking you to make an action either by clicking a link, visiting a website, filling in your personal details or even sending out money immediately to a fake bank account. The sender usually uses clever tactics to convince the target that the email is a genuine one and urge them to action the request as soon as possible. For example, an email telling you your colleague has shared a Dropbox album with you and you need to click a link to view it.
Types of phishing emails
- Spear phishing is an email that targets a particular organisation or individual seeking sensitive information and data for malicious purposes. Attackers may also intend to install malware on a targeted user’s computer.
- Clone phishing is an email that looks exactly like a trustworthy email by a known organisation that you previously received, such as a Facebook friend request notification or a new issue of your favourite magazine. The sender usually clones this trusted email, tweaks the links and resends it through what will appear to be the same source, leaving you with no suspicions.
- Whaling is a type of phishing that usually directed specifically at senior executives and other high-profile targets within businesses who usually have access to highly valuable information. This type of phishing is usually more difficult for automated systems, such as spam filters, to detect as the attackers often don’t use malicious links or harmful attachments.
How to spot a phishing email
Here are the common features of a phishing email to look out for: