Phishing is one of the curses of the internet age. If you’ve ever received an email which outwardly seems legitimate, only to find that it seeks to take you to a completely irrelevant web page, you’ve been phished.
These days, if you fall victim to the various types of phishing, the results can be devastating, both financially and psychologically. So it makes sense to find out what a phishing email is, and how to avoid becoming prey to the online world’s most devious predators.
What is phishing all about?
If you’re wondering how phishing works, you might be surprised by how simple the practice actually is. This isn’t a form of hacking which relies on cutting-edge coding skills or specialist equipment. In fact, a successful phishing email resembles a magic trick more than a sophisticated hack.
All types of phishing have key similarities. Most importantly, phishing emails are written to be persuasive. Their primary aim is to convince the recipient that:
- The sender is a legitimate individual or organization
- Their words should be taken seriously
That’s why you’ll often receive phishing emails seemingly coming from respected companies like Amazon or the Inland Revenue Department. People are more likely to open emails from organizations they trust or respect.
At the same time, there’s a technical side to the question of what a phishing email is. Phishers can’t just write a persuasive text. They also work hard to make their emails look as much like the “real thing” as possible, incorporating graphics and layouts which mimic legitimate communications.
Give us all your data, please
And they also have to include a way to harvest information from recipients. This could entail the following:
- Clicking a link to a fake website
- Downloading an attachment with a Trojan horse
- Calling a fake customer service hotline
All of these give hackers the opportunity to control your computer.
When you bring all of these elements together, it’s easy to see why people need to know what a phishing email is. These attackers tend to be very effective at targeting people who aren’t security-conscious, and they prey on vulnerable internet users.
7 most common phishing email examples
If you aren’t sure how to detect phishing emails, checking out some phishing email examples is definitely recommended. There’s no single template for these emails, but there are some categories which appear again and again.
1. Spear phishing
Spear phishing is a very precise form of phishing, where attackers work hard to include personal details such as the names of colleagues, past purchases, and contact information. By doing so, these emails try to establish a personal connection with the recipient. They tend to be associated with social networks like LinkedIn, where users regularly receive unsolicited (but legitimate) emails from recruiters.
2. Pharming
Pharming is one of the most devious kinds of phishing attack. In these attacks, phishers actually “poison” the DNS server of a website and redirect users to the site of their choice. So the links in phishing emails can seem totally accurate, but they can still send users to dangerous sites. This makes it very important to take care when clicking any email links.
3. Simple deception
The classic answer to the question of what a phishing attack is, simple phishing emails are just generic appeals to take a particular action. In the past, they may have told stories about long-lost relatives in distant countries, and sudden inheritances. Nowadays, those stories have less power, and other narratives are employed. So always be skeptical about people contacting you out of the blue.
4. Whaling
Whaling is a specific form of phishing which plays on the way businesses are structured. In these attacks, phishers target people high up in corporate hierarchies, probably hoping that they don’t have the security savvy of those lower down the food chain. So anyone in a position of authority should tighten up their anti-phishing knowledge.
5. Cloud phishing
With the rise of cloud-based apps like Google Docs and Dropbox, new forms of phishing email have emerged, expanding the answer to the question of how phishing works. In these scams, phishers direct users of cloud-based services to completely fake versions of the apps they rely on. So if you use these apps, 2-step verification is advisable.
These are the most common types of phishing, but there are probably hundreds of sub-varieties. In all cases, they try to make their emails seem as persuasive as possible, but very few phishers are totally successful.
Top 3 best VPNs to protect yourself from phishing attacks
When it comes to anti-phishing protection, a top of the line VPN can be a great first barrier against hackers trying to intercept your data online.
By relaying your online traffic through a secure server in another country and adding a layer of encryption as it travels between destinations, VPNs make it extremely difficult for any would-be phisher to sniff out your personal information while you’re out and about on the internet.
To help you avoid phishing attacks, we selected the top-notch VPN service that deploys advanced security measures to help you stay safe whenever you browse the web:
- Excellent security
- Great server list
- Awesome for Netflix
- Good for torrenting
- Very easy to use
- Affordable prices
Secure email providers to avoid phishing
Your second line of defense against phishing attempts should be a secure email provider. These providers can help to deploy basic spam filters to warn you when an email is suspicious and possibly phishing-related.
There are quite a few secure email providers that we’ve tested and that we can recommend. One of our favorites is the Swiss-based ProtonMail, which has rightly gained a reputation for being one of the strongest, most secure email providers available.
Another favorite is FastMail, which is often seen as a veteran in the email industry. Their spam filter is world-class. Also, they have pretty good options for free users, with a starting allowance of 2 GB storage.
There’s no reason to be caught out by phishers any more. So stop asking yourself how phishing works, and start changing your behavior to detect the specific strategies that cyber-criminals use.
Anyone has the skills to decide what is a phishing attack and what isn’t, but you need to take care. And don’t be afraid to bring in specialist security solutions like VPNs, which can screen email accounts against illicit emails.