Email Phishing 101: What Exactly is Email Phishing?
Summary: Protecting your personal information online can feel like a full-time job. But once you know what you’re looking for, things get considerably easier. Email phishing, for example, is one way that people try to scam you in your own inbox. We’ve collected some of the most common phishing email examples, plus the best tips and tricks on how to spot one. Let’s dive in.
If you ever feel like your email inbox is more of a junk mail pile, you’re not alone. Endless reminders of store sales, coupons, or offers to upgrade your existing services can be frustrating. But what about the more sinister emails that can pile up? Attempts to steal your personal identity or other sensitive information, or to pressure you into sending money, are prevalent. This type of hacking attempt is called email phishing, and we’ve got everything you need to know on how to spot it and stop it.
What is Email Phishing?
Email phishing is a fancy term for an online scam that arrives through an email. The message typically appears to come from a legitimate organization or sender but steals your information once you click a link. There are also versions where senders pretend to be family members or friends who need money. The goal of these emails is to collect your personal information — credit card numbers, account numbers, Social Security numbers, passwords and usernames, or other information.
Either way, the hackers are counting on you to click the link in the message to gain access. Opening the email and not clicking anything in the body of it will not breach your information.
Types of Email Phishing Attacks
There are a few different types of phishing — these guys cast a wide net. We’ll cover the most pervasive types, but keep in mind that there are also SMS-based and voice phishing attacks that specifically target smartphone users.
- Standard Email Phishing: this is an attempt to steal sensitive information through an email that appears to be from a legitimate organization. This is an en masse attempt rather than a targeted attack.
- Malware Phishing: this uses the same tactics as standard email phishing but encourages targets to click a link or download an attachment so that malware can be installed on the device itself.
- Spear Phishing: this is a highly targeted and well-researched attack that is typically used on business executives, public figures, and other high-profile targets.
- Business Email Compromise: Also known as BEC, this involves a fake email that appears to be from someone in the target’s company. The email requests urgent action like wiring money or purchasing gift cards.
Ultimately, all four types of attacks have the same goal: get your private information and exploit it. The methods are different, and targeted attacks (like spear phishing or a business email compromise) can be harder to catch as they seem legitimate. But there are tricks to identifying phishing attempts.
How to Identify and Recognize Email Phishing
Wondering how to spot a phishing email? Most attempts have a telltale sign or two in them — you just need to know where to look. The fake emails will offer an urgent reason why you need to click a link, such as recent suspicious activity, a problem with your payment information, a fake invoice, eligibility for a government refund, or anything else that warrants quick action on your part.
Another indicator is a generic greeting. Scammers might use something generic like, “Dear Customer” instead of your name. If you read the email carefully, you’ll likely see grammatical or spelling errors throughout it as well. We know of one bogus Apple “order confirmation” email that spelled Cupertino incorrectly.
You can also examine the URL or domain names used in the email. Most scammers will use links that resemble the legitimate company they’re basing their attempt on but will misspell the name or add an extra subdomain. For example, a phishing attack pretending to be your alma mater might direct you to donate to yale.com when the real URL is yale.edu. At a quick glance, though, you might not catch the difference.
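Here is that domain check written out as a small script. It is an added example, not part of the original article. It compares each link's host with the domain the sender claims to be and flags the wrong ending, an extra-subdomain trick, or a misspelling. The function names, the category labels, and every sample link except yale.com and yale.edu are made up for illustration, and the "last two labels" shortcut for finding the main domain is a simplifying assumption.

```python
from urllib.parse import urlparse

def registrable(host):
    # Assumption: the registrable domain is the last two labels. Production
    # code should consult the Public Suffix List (e.g. for names under co.uk).
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance, used to catch one- or two-character misspellings.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, expected_domain):
    """Compare a link's host with the domain the sender claims to represent."""
    host = (urlparse(url).hostname or "").rstrip(".")  # hostname is lowercased
    if not host:
        return "no-host"
    expected = expected_domain.lower()
    name = expected.partition(".")[0]
    reg = registrable(host)
    reg_name = reg.partition(".")[0]
    if reg == expected:
        return "match"                # the real domain or one of its subdomains
    if reg_name == name:
        return "wrong-tld"            # right name, different ending
    if any(name in label for label in host.split(".")[:-2]):
        return "brand-in-subdomain"   # real name placed in front of another domain
    if name in reg_name or edit_distance(reg_name, name) <= 2:
        return "lookalike-name"       # misspelled or padded version of the name
    return "unrelated"

# Constructed sample links, as they might appear in a "donate now" email.
SAMPLES = [
    "https://www.yale.edu/give",
    "https://yale.com/donate",
    "https://yale.edu.donate-now.example/login",
    "https://yaie.edu/give",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{check_link(url, 'yale.edu'):20} {url}")
```

Only the "match" result means the link really points at the expected domain; short names can produce false "lookalike-name" hits, so treat that label as a prompt to look closer.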
How to Avoid Email Phishing
While your email spam filter probably keeps most phishing emails out of your inbox, it’s not perfect. And, as phishing attempts become more sophisticated, built-in filters might not catch everything. With all these tips in mind, here’s how to avoid phishing.
First, make sure you have up-to-date security software and enable automatic software updates. In addition to updating the look of your icons, software updates enhance your device’s security by patching security holes and making it harder for hackers to break in.
Spam filters and software updates are good first steps, but here are our top three tips on how to stop phishing emails.
- Use a web filter. Web filters can block attempts to connect to questionable or known phishing sites. Plus, these filters can assess sites in real time to prevent you from accessing an unsafe page.
- Use two-factor authentication. We always advocate for two-factor authentication as one of the best ways to protect your accounts. Two-factor authentication requires an additional piece of information before logging into your account. Your password and username alone are useless to hackers this way. Plus, it can help tip you off if someone is trying to access your account.
- Use your own link. If you’re not sure about an email, don’t click on the link provided. Instead, navigate to that site through a search engine. If the email is legitimate, you’ll still be able to find what you’re looking for, and you’ll avoid picking up any malware along the way.
What Should You Do if You’ve been Phished?
Even when you’re armed with knowledge, it’s still possible that a phishing email will slip past your defenses. (Anyone else tend to check their email bleary-eyed, first thing in the morning?) Here’s how to report phishing emails:
- Forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org. (If you’ve received a phishing text, you can forward it to 7726.)
- Report the attack to the FTC at ReportFraud.ftc.gov.
Reporting phishing messages can help fight scammers and prevent other folks from being preyed on as well.
If you think someone has your information, go to IdentityTheft.gov — you’ll be guided through steps depending on what information you lost. If you’re just worried about a link or attachment that downloaded harmful software, update your computer’s security software and run a scan. (Psst… we recommend EarthLink Protect+, powered by NortonLifeLock, because it protects your software and your personal information, all in one.) Now that’s a great catch!
Lastly, change the password associated with the account involved in the attack. If you’re using that same password on other sites, change those, too, but make each password unique.
As our reliance on the web continues to evolve, so will phishing attempts. But by knowing what a phishing email is, how to identify phishing emails, and the types of phishing attempts, you’ll be as protected as possible. Remember, if it looks suspicious, don’t click on it. And, if you’re looking for a high-speed internet provider with secure email who values your privacy and security, EarthLink is the place for you.