nordpass logo

What Is a Phishing Email?

Lukas Grigas
Cybersecurity Content Writer

Scammers can send you fake emails or messages to trick you into handing over your information. But how can you spot them? Here’s everything you need to know about phishing emails, with examples.

In a phishing attack, a scammer fishes for victims, using an email as bait. The email may contain malicious links, which will release a swarm of malware onto your device if you click on them. Phishing emails will replicate company logos, fonts, and domain names so meticulously you wouldn’t think twice when they ask you to “confirm your password by replying to the email.”

5 examples of phishing emails

  1. Emails from people pretending to be stranded in a foreign country. They typically need you to send them money so they can travel home. The Nigerian prince who needs an urgent donation of $1,500 is another variation on the theme.

  2. Scammers may play on human weakness and take advantage by referencing current news and affairs. Even amidst a global pandemic, scammers are seeing Covid-19 as an opportunity for profit. Beware of text messages issuing “fines” to people leaving the house, fake websites offering tax relief, and shopping scams involving hand sanitizer and masks. These are just some of the scams out there right now, so stay alert at all times.

  3. Emails threatening to harm you if you don’t send them copious amounts of money within a time period.

  4. Emails referring to a complaint that you know you haven’t made. Naturally, you’ll want to investigate said complaints by clicking on the link (which contains malicious code).

  5. Emails pretending to be from reputable companies or organizations. They may ask you to change your password or supply more information about yourself for an urgent reason.

How to tell if it’s a phishing email

If you know what to look out for, detecting phishing scams is pretty easy. The clues are often hidden in plain sight.

  1. A generic greeting. Don’t trust emails addressed to “Sir/Madam,” or “Ms/Mr”’ Reputable companies will have a customer database and always address you by your name. Always be aware of language and fluency: shortened words, slang, and spelling errors are a dead giveaway.

  2. Minor changes in the domain name. The domain name is whatever comes after the @ sign in the sender’s email address. Since no two domains can ever be the same, scammers may alter [email protected] to read [email protected] In this case, that little dash is your first indicator of a scam. Look out for numbers masquerading as letters and so on.

  3. Emails requesting personal information. Legitimate companies are bound by data privacy rules, which means they will never ask you for personal information via email. They will also never provide a link for you to click and supply said information – this is a safety precaution most companies have in place against phishing emails.

  4. Unexpected attachments that you didn't request. Suspicious and otherwise dubious email attachments that you did not anticipate are a major sign that the email you received is in fact a phishing attempt. Under no circumstances download or open such attachments.

  5. Spelling and grammar errors. One of the easiest ways to identify a phishing email is bad grammar. An email from a legitimate source should be well written. Bad grammar is often the side effect of hackers being lazy and careless.

  6. Suspicious links forcing you to open a fake web page. Legitimate organizations that engage in email communication with their customers don’t usually force you to visit their website. Phishing emails, on the other hand, can be one big hyperlink, which means that clicking anywhere in the email will redirect you to a suspicious or otherwise fake website.

Level up your online safety

With advanced features.

What to do if you have responded to a phishing email

If you’re worried a scammer has your information, take the following actions immediately. These steps especially apply to sensitive details being compromised, such as your credit card details, Social Security number, driver’s license details, banking credentials, and home address.

  • If your social security number has been compromised: Monitor your bank account. Search for free credit reports online and consider placing a free credit freeze or a fraud alert on your account to make it harder for someone else to open an account in your name. File your tax returns early, before the scammer can – usually, they will use your SSN to get a tax refund or job.

  • If your bank account details have been compromised: Close down the account and open a new one. Request a new debit or credit card and contact your bank’s fraud department for compensation.

  • If you’ve clicked on a link that has downloaded harmful software onto your device: Update your software immediately and run a scan to verify everything is healthy and in working order.

  • If your credentials have been compromised: change all of your passwords immediately and consider using a password manager to fortify your overall security. A password manager helps you generate strong and unique passwords and allows you to securely store and access your login credentials instantly, even when you’re offline.

How to stop phishing emails

The thing to remember is that you have no obligation or pressure to reply to an email. You should always follow up a message with a call or a direct email message using the address provided on the sender’s website – rather than reply to a potential scam.

Never use any of the links, phone numbers or web addresses in an email that is unexpected, from unknown senders, or declares that it is of catastrophic importance.

In the USA you can:

  • Forward all phishing text messages to SPAM (7726).

  • Forward phishing emails to the Anti-Phishing Working Group at [email protected]

  • Or report any phishing attack to the FTC at ReportFraud.ftc.gov.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.