Know How Email Phishing Attack Done - Now Protect Your Self

Email Based Phishing Attack Detection & Prevention Process

    Today, cybersecurity has become a major concern due to how vulnerable people are falling into the trap of hackers and online criminals. Email phishing is one of the most widespread cybersecurity threats and has raised the alarm in the recent past. It's an illegal activity of online criminals who pose as legitimate companies or individuals online and email you to reveal some confidential information deliberately. 

    Email phishing attacks

    Once they have access to such information, a user may end up losing cash, sensitive information getting disclosed, and many other risks involved. It's always important therefore to always confirm a website that requires such details from you so that you are sure before you key in such data.

    There are various forms of email phishing attacks that online scammers use today. They include:



    Angler Phishing Attack

    Angler Phishing Attack

    Social media has become one of the most popular online platforms for phishers to attack. This is due to the number of people on various social media platform who are quite active and unaware that they can easily get attacked. Such criminals use this as an opportunity to post links or URLs to cloned websites or posts and once clicked on a user may end up downloading malware. Alternatively, they may through the cloned sites or posts ask you to key in confidential information and thus ending up being vulnerable to attack.

    Whaling Phishing Attack

    Whaling phishing attack

    Executives and senior officials fall under this trap easily. They are the people on targets by individuals or companies using this type of phishing to ensure they click on malicious links and URL. Upon download of malware, confidential information is revealed. Top officials of organizations are therefore asked to invest in cybersecurity tools to protect themselves from the better goal of the organization as they will be held accountable for such mistakes.

    Spam Mail Phishing Attack

    Spam email phishing attack

    Spam emails fill your email with lots of junk that you do not need. You may find your inbox with an email from your bank or any other financial institute that you have money in asking you to key in some of your details. It's important that before you do so, call your bank first so that you are not a soft target. Report the spam also to the mail company you are using so that they are aware of this.

    Spear Phishing Attack

    Spear Phishing Attack

    These are emails sent to a specific individual or group of individuals as targets to reveal information. They are specific in the nature that if its a group, it will be one of an organization and not like the spam mail which is sent to anybody. They will trick members into sharing their passwords but in the real sense it's the phisher who is doing so to gain access to the company's online platforms.

    How did Spear Phishing Attack Happen?

    In a targeted fraud campaign, the first thing an attacker needs to do is identify the victims. These are usually people who have access to the data the attacker wants. In this case, attackers want to infiltrate the HR department because they want to filter out employees. To identify valuable information, they conduct extensive research like,

    • Browse corporate websites to gain insight into processes, departments and locations.
    • Use scripts to collect email addresses.
    • Monitor corporate social media accounts to understand the roles and relationships between different people and departments in the company.

    Remember that the following actions are considered dangerous for Phishing Emails

    • Sending data
    • Sending money
    • Following a link
    • Opening an attachment
    • installing the application;
    • Following the link to the site followed by registration with an account (by entering a username and password).

    Email Phishing Sample Screenshot.

    Email Phishing Sample Email

    How to Protect yourself from Phishing Attacks


    • After loading the page, make sure that the website address you entered has not changed to a slightly different spelling.
    • Use secure and reliable Wi-Fi connections.
    • Update your antivirus software regularly.
    • Make sure all accounts have strong passwords. Do not use the same password for multiple accounts and change them regularly.
    • Check for obvious spelling errors in the subject and body of the message.
    • Anonymized "From" and "To" fields may indicate phishing.
    • Do not provide your credentials. Legitimate senders will never ask for them.
    • Do not open attachments or download suspicious links.
    • Report suspicious emails to your information security team.

    Post a Comment