What is a phishing email?
Well, I’m glad you asked. A phishing email is an email from a cybercriminal that is made to look like it comes from a legitimate company or even an acquaintance. The email will ask for personal information such as credit card information or your social security number. The sender will try to trick you by making false claims about needing help, or about needing your bank account information or social security number to verify your identity. These emails can even try to get you to open or download an attachment in order to infect your computer with a virus.
How do I spot a phishing email?
That is a great question. We can classify phishing emails into three different categories.
- There is the traditional phishing email, which tries to target a widespread audience. It will probably have some official logos and a vague explanation of why it needs personal information. A common example is asking to verify a purchase you never made or verify account information on a site you never visited.
- Next we have spear phishing. Spear phishing is designed to target individuals or groups of individuals. These are more common in small businesses and organizations. It uses information about that particular business or organization in the phishing email to target employees or members. These emails commonly appear to come from a friend or another employee in the company / organization.
- The last category is called whaling. These emails are targeted at higher-level employees and executives. They appear to come from their boss or the CEO of the company. The intended purpose is to gain valuable information about the company that may be considered confidential.
In all of these situations, look at the email for clues. Examine the “From” email address to see if it matches the person the email claims to be from. Often, the name will be someone you know but the email address will not match. Look at the grammar and see if things are misspelled or if the sentences are structured incorrectly. See if the sender is asking for information, trying to get you to go to a link, or trying to get you to download an attachment.
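The checks above can also be run automatically over a raw message. The following is an added example, not part of the original article: the address book, the phrase list, the function name `phishing_clues` and the sample message are all assumptions made up for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed address book: display name -> the address you already know is theirs.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}
# Assumed phrases for the kinds of information the article says phishers ask for.
SENSITIVE = ("social security", "credit card", "bank account", "verify your identity")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def phishing_clues(raw_email):
    """Return a list of clue strings found in one raw email message."""
    msg = message_from_string(raw_email, policy=policy.default)
    clues = []
    # Clue: the name is someone you know but the address does not match.
    name, addr = parseaddr(str(msg.get("From", "")))
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        clues.append(f"from-mismatch: '{name}' normally writes from {expected}, not {addr}")
    # Walk the message: record attachments, collect readable text.
    text = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            clues.append(f"attachment: {part.get_filename()}")
        elif part.get_content_maintype() == "text":
            text.append(part.get_content())
    body = "\n".join(text)
    # Clues: asks for personal information, or pushes you to a link.
    clues += [f"asks-for: {p}" for p in SENSITIVE if p in body.lower()]
    clues += [f"link: {u}" for u in URL_RE.findall(body)]
    return clues

# Constructed sample message (not a real email; .test is a reserved domain).
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
To: you@example.com
Subject: Urgent: verify account
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Hi, we need to verify your identity. Please send your bank account
number or confirm it at http://login.examp1e-mail.test/verify today.
"""

if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE):
        print(clue)
```

A message with no clues is not proven safe; the script only surfaces the same signals you would look for by eye.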
When in doubt, send a separate email to the sender or contact the organization separately. DO NOT HIT REPLY!