A phishing email is a confidence trick that involves a scammer sending emails to people in order to deceive them and gain sensitive information from them.
In the modern age, phishing communications are mostly digital, with the majority of them being email messages. However, phishing can involve communications outside of email.
Phishing emails can be sent to large numbers of people at once or can target specific individuals and organizations.
How Do Phishing Emails Trick Victims?
Phishing scammers send email messages (phishing attempts) that appear trustworthy, or at least are made to look trustworthy. These phishing emails are made to look like emails that people are expecting, such as an email from a bank or utility company.
The phishing email can ask people to reply with information such as bank account information. Some people might think it normal to email their bank with personal information the bank already has.
A phishing email can also be used to get an individual to download malicious software such as ransomware. Instead of asking for information, the email will ask the recipient to click on a link. This link will then download malware onto the victim's computer that will eventually be used to extort money from them.
This link can also send victims to a fake website that looks exactly like a website the victim frequents.
A phishing victim will get an email, or social media message, that directs them to log in to an account, such as a bank account, using a link provided in the email. This link will send the victim to a website that looks exactly like the website that the victim uses for banking. All the information the victim enters on the fake website will then be recorded by the scammers.
How Do Phishing Scammers Get My Email?
Email phishing is done en masse, with generic emails sent to a large number of people, or it can target specific people.
Mass Phishing Emailing
Email addresses obtained for mass email phishing scams, like the Nigerian Prince Scam, are collected with email scraping programs. These programs crawl the world wide web and detect and collect email addresses. Email addresses can be found on social media pages and classified ads, to name a few.
Targeted Email Phishing
The method of gathering email addresses for this is obvious: a scammer focuses their energy on a specific individual and finds that person's email addresses by searching online.
This is called Spear Phishing.
A common email phishing trick used on targeted individuals is the fake invoice scam. A scammer will email a fake invoice to the employee at a company who is responsible for paying invoices. The fake invoice will look like one the employee is expecting.
About the Author
Peter Sandru is an Instructor & Co-Founder of NDIL with over 15 years as a Professional Investigator. Peter has spent more than a decade conducting investigations and security operations throughout the world, primarily for corporations, law firms, and government agencies. Peter has assisted in the creation of numerous investigative & security training programs in various capacities.