Our Blogs

Introduction to Email Phishing

What Is Email Phishing?

Email phishing (pronounced fish-ing) is when cyber criminals and scammers send emails to you in an attempt to steal sensitive information such as usernames, passwords, bank account information and credit card details.

They try to trick or “bait” users into clicking on a link or opening an attachment. Links can take you to a fake or fraudulent website to steal your personal details or install malware on your device. Email attachments can also contain malicious code, and once opened, could download viruses and malware onto your computer to steal your information, passwords and corrupt your files.

Attackers will use your information to try and steal money from you, so you must always use *extra caution* before clicking on any links or opening attachments – especially from outside your organisation.

Email phishing is becoming increasingly common, and scammers are always coming up with new and devious ways to catch you out. You always need to be alert to possible threats and “Think Before You Click!”

Common Email Phishing Tactics

Cyber criminals tend to use very similar tactics when sending phishing emails. This is because they work. The use of emotional manipulation along with creating a false sense of urgency, can trick users into clicking a link, opening an attachment or giving away personal or sensitive information.

Below are 5 common tactics used by email phishing attackers:

  1. Sending Offers Which Are Too Good To Be True  

In this type of phishing email, the scammer will lure the recipient into clicking on a link or opening an attachment by offering a reward or incentive. The scammer could claim you have won a prize or be offering products/services at a bargain price. Just remember, if the offer is too good to be true, then it generally always is. Think before you click.  

  • Using Urgent Calls To Action

Cyber criminals will try and get you to take immediate action without thinking by using urgent call to actions. Always be suspicious of emails that ask you for immediate action. This creates a false sense of urgency and is a successful way of getting users to give away details without thinking about it. Never proceed without pausing to think and check the email carefully.

  • Scare Tactics

Scare tactics are often used alongside urgency tactics. Invoking fear and anxiety can lead to the user taking action without thinking rationally as the emotional part of the brain takes over. Threats to suspend services or subscriptions, lock accounts, withhold money etc can create fear and panic. Always stop and think before acting on any email using these tactics. A reputable company would never use threatening emails like this.

  • Impersonating Trustworthy Companies.

Scammers will try and impersonate well known, reputable companies e.g., PayPal, Facebook or Royal Mail. They will try to copy the company logos and layout of the emails to make them look like the real thing. They will even try and use similar email and website addresses to try and trick you ‘at a glance’.

Often these phishing emails go undetected without advanced security measures in place. Having comprehensive email protection in place means suspicious emails can be identified and removed before they reach your inbox.  

  • Impersonating Suppliers or Work Colleagues

Cyber criminals can easily buy domain names which look similar to company names and set up fake email addresses, pretending to be suppliers or higher ups from an organisation. They can then email employees requesting they complete urgent tasks, e.g., paying an invoice in order to steal company funds. This is one of the more sophisticated ways cyber criminals can target small businesses, but if successful this can bring huge financial losses!

Share this post
Facebook
WhatsApp
Twitter
LinkedIn
Email

One Response

Leave a Reply

Your email address will not be published. Required fields are marked *