What Is a Phishing Email?

2020-04-15 - 4 min read

Scammers can send you fake emails or messages to trick you into handing over your information. But how can you spot them? Here’s everything you need to know about phishing emails, with examples.

In a phishing attack, a scammer fishes for victims, using an email as bait. The email may contain malicious links, which will release a swarm of malware onto your device if you click on them. Phishing emails will replicate company logos, fonts and domain names so meticulously you wouldn’t think twice about “confirming your password by replying to the email”.

5 examples of phishing emails

  1. Emails from people pretending to be stranded in a foreign country. They typically need you to send them money so they can travel home. The Nigerian prince who needs an urgent donation of $1,500 is another variation on the theme.

  2. Scammers may play on human weakness and take advantage by referencing current news and affairs. Even amidst a global pandemic, scammers are seeing Covid-19 as an opportunity for profit. Beware of text messages ‘issuing fines’ to people leaving the house, fake websites offering tax relief, and shopping scams involving hand sanitizer and masks. These are just some of the scams out there right now, so don’t let your curiosity or anxiety get the better of you.

  3. Emails threatening to harm you if you don’t send them copious amounts of money within a time period.

  4. Emails referring to some kind of complaint that you know you haven’t made. Naturally, you’ll want to investigate said complaints by clicking on the link (which contains malicious code).

  5. Emails pretending to be from reputable companies or organizations. They may ask you to change your password or supply more information about yourself for an urgent reason.

How to tell if it’s a phishing email

If you know what to look out for, detecting phishing scams is pretty easy. The clues are often hidden in plain sight.

  1. A generic greeting. Don’t trust emails addressed to ‘Sir/Madam,’ or ‘Ms/Mr.’ Reputable companies will have a customer database and always address you by your name. Always be aware of language and fluency: shortened words, slang, and spelling errors are a dead giveaway.

  2. Minor changes in the domain name. The domain name is whatever comes after the @ sign in the sender’s email address. Since no two domains can ever be the same, scammers may alter [email protected] to read [email protected] In this case, that little dash is your first indicator of a scam. Look out for numbers masquerading as letters and so on.

  3. Emails requesting personal information. Legitimate companies are bound by data privacy rules, which means they will never ask you for personal information via email. They will also never provide a link for you to click and supply said information – this is a safety precaution most companies have in place against phishing emails.

What to do if you responded to a phishing email

If you’re worried a scammer has your information, take the following actions immediately. These steps especially apply to sensitive details being compromised such as your credit card details, social security number, driver’s license details, banking credentials, and home address.

  • If your social security number has been compromised: Monitor your bank account. Search for free credit reports online and consider placing a free credit freeze or a fraud alert on your account to make it harder for someone else to open an account in your name. File your tax returns early, before the scammer can – usually, they will use your SSN to get a tax refund or job.

  • If your bank account details were compromised: Close down the account and open a new one. Request a new debit or credit card and contact your bank’s fraud department for compensation.

  • If you’ve clicked on a link that has downloaded harmful software onto your device: Update your software immediately and run a scan to verify everything is healthy and in working order.

How to stop phishing emails

The thing to remember is that there is no obligation or pressure to reply to an email. You should always follow up a message with a call, or direct email to the address stated on their website – rather than reply to a potential scam.

Never use any of the links, phone numbers or web addresses in an email that is unexpected, from unknown senders, or declares that it is of catastrophic importance.

  • Forward all phishing text messages to SPAM (7726).

  • Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org

  • Or report any phishing attack to the FTC at ftccomplaintassistant.gov.

Benjamin Scott
Benjamin Scott
Verified author
Ben is our tech geek. He analyses difficult topics and brings them to the reader in a nice and simple language. In his free time, he loves to compete, so he likes to participate in various marathons and triathlons.
Subscribe to NordPass news