Phishing is one of the curses of the internet age. If you’ve ever received an email which outwardly seems legitimate, only to find that it seeks to take you to a completely irrelevant web page, you’ve been phished.

These days, if you fall victim to the various types of phishing, the results can be devastating, both financially and psychologically. So it makes sense to find out what is a phishing email, and how to avoid becoming prey to the online world’s most devious predators.

What is phishing all about?

If you’re wondering how does phishing work, you might be surprised by how simple the practice actually is. This isn’t a form of hacking which relies on cutting edge coding skills or specialist equipment. In fact, a successful phishing email resembles a magic trick more than a sophisticated hack.

[email protected]con

All types of phishing have key similarities. Most importantly, phishing email examples will be persuasive. Their primary aim is to convince the recipient that:

  • The sender is a legitimate individual or organization
  • Their words should be taken seriously

That’s why you’ll often receive phishing emails seemingly coming from respected companies like Amazon or the Inland Revenue Department. People are more likely to open emails from organizations they trust or respect.

At the same time, there’s a technical side to the question of what is a phishing email. Phishers can’t just write a persuasive text. They also work hard to make their emails look as much like the “real thing” as possible, incorporating graphics and layouts which mimic legitimate communications.

Give us all your data, please

And they also have to include a way to harvest information from recipients. This could entail the following:

  • Clicking a link to a fake website
  • Downloading an attachment with a Trojan horse
  • Calling a fake customer service hotline

All of which gives hackers the opportunity to control your computer.

When you bring all of these elements together, it’s easy to see why people need to know what is a phishing email. These attackers tend to be very effective at targeting people who aren’t security-conscious, and they prey on vulnerable internet users.

7 most common phishing email examples

If you aren’t sure how to detect phishing emails, checking out some phishing email examples is definitely recommended. There’s no single template for these emails, but there are some categories which appear again and again.

1. Spear fishing

Spear fishing is a very precise form of phishing, where attackers work hard to include personal details such as the names of colleagues, past purchases, and contact information. By doing so, these emails try to establish a personal connection with the recipient. They tend to be associated with social networks like LinkedIn, where users regularly receive unsolicited (but legitimate) emails from recruiters.

2. Pharming

Pharming is one of the most devious kinds of phishing attack. In these attacks, phishers actually “poison” the DNS server of a website and redirect users to the site of their choice. So the links in phishing emails can seem totally accurate, but they can still send users to dangerous sites. This makes it very important to take care when clicking any email links.

3. Simple deception

The classic answer to the question of what is a phishing attack, simple phishing emails are just generic appeals to take a particular action. In the past, they may have told stories about long-lost relatives in distant countries, and sudden inheritances. Nowadays, those stories have less power, and other narratives are employed. So always be skeptical about people contacting you out of the blue.

4. Whaling

Whaling is a specific form of phishing which plays on the way businesses are structured. In these attacks, phishers target people high up in corporate hierarchies, probably hoping that they don’t have the security savvy of those lower down the food chain. So anyone in a position of authority should tighten up their anti-phishing knowledge.

5. Cloud phishing

With the rise of cloud-based apps like Google Docs and Dropbox, new forms of phishing email have emerged, expanding the answer to the question how does phishing work. In these scams, phishers direct users of cloud-based services to completely fake versions of the apps they rely on. So if you use these apps, 2-step verification is advisable.

These are the most common types of phishing, but there are probably hundreds of sub-varieties. In all cases, they try to make their emails seem as persuasive as possible, but very few phishers are totally successful.

Top 3 best VPNs to protect yourself from phishing attacks

When it comes to anti-phishing protection, a top of the line VPN can be a great first barrier against hackers trying to intercept your data online.

By relaying your online traffic through a secure server in another country and adding a layer of encryption as it travels between destinations, VPNs make it extremely difficult for any would-be phisher to sniff out your personal information while you’re out and about on the internet.

To help you avoid phishing attacks, we selected the top-notch VPN service that deploys advanced security measures to help you stay safe whenever you browse the web:

Flawless privacy practices, advanced security features, and reliable geo-unblocking capabilities make NordVPN the undisputed industry leader. Whatever your needs, this VPN has you covered – all starting from just $3.49/month.
  • Excellent security
  • Great server list
  • Awesome for Netflix
  • Good for torrenting
  • Very easy to use
  • Affordable prices

Secure email providers to avoid phishing

Your second line of defense against phishing attempts should be a secure email provider. These providers can help to deploy basic spam filters to warn you when an email is suspicious and possibly phishing-related.

There are quite a few secure email providers that we’ve tested and that we can recommend. One of our favorites is the Swiss-based ProtonMail, which has rightly gained a reputation for being one of the strongest, most secure email providers available.

Another favorite is FastMail, which is often seen as a veteran in the email industry. Their spam filter is world-class. Also, they have pretty good options for free users, with a starting allowance of 2 GB storage.

Bottom line

There’s no reason to be caught out by phishers any more. So stop asking yourself how does phishing work, and start changing your behavior to detect the specific strategies that cyber-criminals use.

Anyone has the skills to decide what is phishing attack and what isn’t, but you need to take care. And don’t be afraid to bring in specialist security solutions like VPNs, which can screen email accounts against illicit emails.