Email Security Blog

What is Email Phishing?

Nikki Tyson October 7, 2015 Cybercrime
Fallback Featured Image

In this series of blogs on phishing to coincide with National Cyber Security Awareness Month 2015, we will explore the fundamentals of email phishing, starting with what is email phishing?

Email is one of the most ubiquitous forms of communication around the globe. However, this proliferation has been accompanied by a growing number of cyber criminals who use it as a tool for cyber attacks. Frequently hitting the headlines as a popular – and very successful – cyber criminal method of attack is email phishing.

So, what is phishing exactly?

Email phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords. The most common example is when you receive a fake email that looks like it came from a trusted source (e.g. your bank), but takes you to a forged website that is designed to steal confidential or personal data (e.g. your bank login details).

The UK consumer association Which? found that people receive, on average, up to 20 phishing emails a month. These messages tend to be sophisticated spoofs pretending to be from government departments, banks and major brands, and it’s becoming progressively more difficult for consumers to distinguish between mimics and genuine correspondence.

Phishers often use a wide variety of social engineering ploys to trick their victims into unguarded behavior, such as requiring recipients to respond to an email or clicking on a link immediately by claiming that they will lose something of value (e.g. a subscription or bank account access) if they do not. The danger is that email phishing is becoming more and more sophisticated so it is increasingly difficult for consumers to distinguish between legitimate and fraudulent emails. To help better identify legitimate email, organizations such as Google and Microsoft offer tips for recognizing phishing emails and advice on reporting phishing emails to the relevant organizations and authorities.

The second installment of our fundamentals of phishing blog series will appear next week. For more cybersecurity tips, news, and resources highlighting National Cyber Security Awareness Month, follow the #CyberAware hashtag.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

July 10, 2019 Ronnie Tokazowski

‘Til Death Do Us Part… Romance Scams and the BEC Game

When we think of business email compromise (BEC), the first thing that comes to mind…

Agari Blog Image

June 5, 2019 Crane Hassold

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

There is no denying that business email compromise (BEC) is big business, with losses exceeding…

Agari Blog Image

April 25, 2019 Crane Hassold

Bitcoin: The Next Evolution in BEC Cash Out Methods?

Historically, business email compromise (BEC) threat actors have used wire transfers as a means to…

Agari Blog Image

April 18, 2019 Ronnie Tokazowski

Do You Know Where Your W-2 Is? Probably Where You Left It

It’s like clockwork. Every year around tax time security vendors (even us!) push out warnings…

Agari Blog Image

April 4, 2019 Crane Hassold

Evolving Tactics: London Blue Starts Spoofing Target Domains

In December, the Agari Cyber Intelligence Division (ACID) published a report on a business email…

mobile image