
Protect against Spam and Scam Phishing Emails


What is a Phishing Email?


A phishing email is a cybercrime that relies on deception to steal confidential information from users and organizations.

Phishing victims are tricked into disclosing information they know should be kept private. Because they trust the source of the information request and believe the party is acting with the best intentions, phishing email victims typically respond without thinking twice.

In a phishing email, cyber criminals will typically ask for your:


  • Date of birth

  • Social security numbers

  • Phone numbers

  • Credit card details

  • Home address

  • Password information (or what they need to reset your password)

Cyber criminals then use this information to impersonate the victim and apply for credit cards or loans, open bank accounts, and carry out other fraudulent activity.

Some cyber criminals use the information collected by a phishing email to start a more targeted cyber attack, such as a spear phishing or business email compromise incident, that relies on knowing more about the victim.


How Does Phishing Happen?

Phishing happens when a victim replies to a fraudulent email that demands urgent action.

Examples of requested actions in a phishing email include:

  • Clicking an attachment

  • Enabling macros in a Word document

  • Updating a password

  • Responding to a social media connection request

  • Using a new Wi-Fi hot spot

Every year, cyber criminals become savvier with their phishing attacks and have tried-and-tested methods to deceive and steal from their victims. According to 2021 data from Verizon, hackers took advantage of the COVID-19 pandemic to up the frequency with which phishing emails were sent out as part of cyber attacks.

Since phishing attacks come in many different forms, differentiating one from a valid email, voice mail, text message, or information request can be difficult. For this reason, phishing simulations are an ideal way to test users’ knowledge and boost organization-wide levels of phishing awareness.


Examples of Different Types of Phishing Attacks

Just like everything else on the internet, phishing email attacks have evolved over the years to become more intricate, enticing, and tougher to spot.

To successfully pinpoint and flag suspicious messages in their inbox, all your users must be familiar with phishing emails’ different forms.


Phishing Email

Phishing emails still comprise a large portion of the world’s yearly slate of devastating data breaches. Phishing emails are designed to appear to come from a legitimate source, like Amazon customer support, a bank, PayPal, or another recognized organization. Cyber criminals hide their presence in little details like the sender’s URL, an email attachment link, etc.

Spear Phishing

This more targeted phishing email attack relies on data that a cyber criminal has previously collected about the victim or the victim’s employer. Typically, spear phishing emails use urgent and familiar language to encourage the victim to act immediately.

Link Manipulation

Relying on carefully worded phishing emails, this attack includes a link to a popular website. This link takes victims to a spoofed version of the popular website, designed to look like the real one, and asks them to confirm or update their account credentials.

Fake Websites

Cyber criminals send phishing emails that include links to fake websites, such as the mobile account login page for a known mail provider, asking the victim to enter their credentials or other information into the fake site’s interface. The malicious website will often leverage a subtle change to a known URL to trick users, such as mail.update.yahoo.com instead of mail.yahoo.com.

CEO Fraud

This example of a phishing attack uses an email address familiar to the victim, like the one belonging to the organization’s CEO, Human Resources Manager, or the IT support department. The email urgently asks the victim to act and transfer funds, update employee details, or install a new app on their computer.

Content Injection

Savvy cyber criminals hack a familiar website and include a fake website login page or pop-up that directs website visitors to a fake website.

Session Hijacking

With this advanced phishing attack, criminals gain access to a company web server and steal the confidential information stored on the server.

Malware

All it takes to install malicious software on a computer or company network is clicking an email attachment. These attachments look valid or may even be disguised as funny cat videos, eBook PDFs, or animated GIFs.

“Evil Twin” Wi-Fi

This occurs when free Wi-Fi access points are spoofed. Victims unknowingly log into the wrong Wi-Fi hotspot. Wi-Fi access points commonly spoofed include those available in coffee shops, airports, hospitals, shopping malls, public parks, and other public gathering locations.

Mobile Phishing (Smishing)

A fraudulent SMS, social media message, voice mail, or other in-app message asks the recipient to update their account details or change their password, or tells them their account has been violated. The message includes a link used to steal the victim’s personal information or install malware on the mobile device.

Voice Phishing (Vishing)

This scenario occurs when a caller leaves a strongly worded voicemail that urges the recipient to respond immediately and to call another phone number. These voicemails are urgent and convince the victim, for example, that their bank account will be suspended if they don’t respond.

Man-In-The-Middle

This sophisticated phishing email attack tricks two people into believing that they’re emailing each other. However, the hacker sends fake emails to each person asking them to share information or update confidential corporate information.

Malvertising

This phishing technique uses online advertisements or pop-ups to compel people to click a valid-looking link that installs malware on their computer.
