Phishing emails are malicious emails that try to steal personal information, convince you to log into their website, or get you to send them money. The advance-fee scam is a classic example of a phishing email.
Sometimes phishing emails can be really obvious, while other times they can be hard to spot. Warning signs of a less sophisticated phishing attempt include:
- Asking for personal information or passwords to be sent by email.
- Use of very urgent or threatening language.
- Spelling and grammar mistakes.
- Asking for a very high level of access to your account or computer. For example, one common scam involves a “computer support person” who contacts you unexpectedly and asks for remote access to your computer.
- An email sent from a misspelled domain name, or one that’s not associated with the website. For example, Google is not going to email you from an address like “firstname.lastname@example.org” (spot the extra L?) or “email@example.com.”
Some phishing emails can be very hard to spot. Scammers are experts at crafting emails and websites that look just like those from a legitimate organization. For example, a sophisticated attacker can send an email that looks just like it came from your bank, with a login link that directs you to a site looking identical to theirs. The site is a fake. When you put in your password, the attacker will steal it, and then redirect you to the bank's actual website, so that you never suspect foul play.
Other attackers will even customize emails specifically for a single person, a practice known as “whaling.” This email might even look like it comes from someone you know personally. These emails can be impossible to distinguish from the real thing without careful examination by an expert.
Attackers are crafting more sophisticated phishing emails, because we're all getting better at spotting the obvious ones. To thwart the more complicated, targeted attacks, follow our advice for creating better habits when using email.
Want to know more? Sign up for a training on phishing.