Phishing Emails Example Guide: Online Safety 101
Give a man a fish, and he will eat for a day; teach a man to phish, and he will become a Nigerian prince. Phishing is a type of social engineering attack in which the attacker pretends to be a trusted entity and asks users for sensitive information in a way that seems legitimate. Most often, phishing takes the form of phishing emails.
So what are the types of phishing? What do phishing emails look like? And how can you protect yourself from them?
Phishing can be traced back to as early as the mid-1990s. The term was coined by the infamous hacker Khan C. Smith and was recorded in the hacking tool AOHell; the hacker's attacks focused on America Online users.
Nowadays, phishing methods and techniques are much more complex and utilize social engineering techniques for higher effectiveness levels.
Typically, phishing emails ask you for the type of information that can be used to retrieve your forgotten password or bank-related documents, which includes:
- Date of birth.
- Social security number.
- Phone number.
- Credit card details.
- Home address.
- Password information.
You might be wondering how anyone could simply hand over such information because someone else asked them to. To answer that, keep reading and find out how phishing emails present themselves as legitimate emails from legitimate entities, which are often hard to distinguish from the official ones.
Although phishing is described as a general term, it holds different forms of phishing emails under its umbrella and even some types of phishing unrelated to emails. Additionally, these forms differ in structure and format.
The most common types of phishing scams include:
1. Email phishing
Email phishing might be the most famous and most recognized form of a phishing scam. Typically users receive emails from entities disguising themselves as legitimate. For example, the email address of the sender can be something like email@example.com or firstname.lastname@example.org.
These emails ask users to provide their payment details or to renew their expired passwords. These emails are often sent with a link to a page that looks exactly like the original website's page. However, they record the information you send them (e.g., credit card number, username, password, etc.).
The end result is an email that seems to originate from a legitimate source and sends you to what seems like a legitimate website that actually steals your information.
2. HTTPS phishing
HTTPS stands for Hypertext Transfer Protocol Secure. It means the connection to a website is encrypted with the TLS protocol (formerly SSL), so data cannot be read while in transit; that's why HTTPS websites are now synonymous with security and protection.
However, this happens to be a weak point which hackers constantly exploit by making fake websites with HTTPS encryption. Although the connection is truly encrypted, the recipient of the information is actually the hacker himself.
Generally, avoid clicking on shortened links, and make sure a hypertext link isn't leading you to a fake website by checking where it points before clicking on it.
HTTPS phishing can be a part of other types of phishing, such as phishing emails.
3. Spear phishing
Spear phishing is a specialized form of phishing email where the phisher doesn't send emails randomly to all entities but rather to a specific company or establishment. The emails mention individuals by their names and titles while providing phishing links or infected attachments which can infect devices.
These are the types of emails that often target banks and large corporations and aim at stealing either information or money.
4. Whaling or CEO fraud phishing
Also known as CEO fraud, whaling is another phishing method that targets companies. The hacker looks for information on different social media platforms and the company's website in order to impersonate a higher-up and pose as a senior member or the CEO of the company himself.
The impersonator then creates an email address that looks similar to that of the person he's impersonating and asks someone to review an attached document that contains malware, or he could ask for certain forms of information that end up as leaked info.
It is recommended to use only business-related and registered emails when contacting seniors requesting information to avoid whaling.
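A mail filter can apply the same rule by comparing each sender against the company's registered domain. The following is an added example, not part of the original article: the trusted domain, the executive name, the character-swap table and the distance threshold are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumed inputs for this example: the company's registered mail domain and the
# names of senior staff. All values are constructed placeholders.
TRUSTED_DOMAINS = {"company.example"}
EXECUTIVES = {"jane doe"}
MAX_DISTANCE = 2  # assumed threshold for "looks similar"
# Character swaps commonly used to make one domain look like another.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def fold(domain):
    """Normalise visually confusable characters before comparing domains."""
    return domain.lower().translate(LOOKALIKES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return 'trusted', 'lookalike', 'impersonation' or 'external'."""
    name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in TRUSTED_DOMAINS:
        if fold(domain) == fold(good) or edit_distance(domain, good) <= MAX_DISTANCE:
            return "lookalike"  # near-copy of the registered domain
    if name.strip().lower() in EXECUTIVES:
        return "impersonation"  # executive's name on an unrelated domain
    return "external"

# Constructed From headers.
SAMPLES = [
    "Jane Doe <jane.doe@company.example>",
    "Jane Doe <jane.doe@c0mpany.example>",
    "Jane Doe <jane.doe@cornpany.example>",
    "Jane Doe <jdoe.ceo@freemail.test>",
    "Newsletter <news@vendor.test>",
]
```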
5. Vishing
Vishing, a blend of the words voice and phishing, is the type of phishing that takes place over a voice call. The perpetrator often calls pretending to be another entity such as the IRS or a cybersecurity company that has detected a threat on your device and wants to solve it.
A usual element of phishing is the sense of urgency: the caller always creates a scenario that can induce panic, which usually ends up causing some users to provide sensitive information such as the social security number to someone pretending to be an IRS auditor.
Vishing is considered dangerous as it is one of the methods antiviruses can't help you against. Therefore, it is always important to take a deep breath and count to ten even if the perpetrator is trying to rush you into taking action.
6. Pop-up phishing
Pop-up phishing is a type of phishing that uses pop-ups to steal sensitive data from your device. Remember that time you were told, "Congratulations, you won $10000"? Well, sorry to spoil it for you, but that's a scam, and it can possibly get some important information of yours hacked.
The same thing goes for the "single mothers in your area are waiting for you" pop-ups. You ought to use a pop-up blocker to avoid such phishing scams that can harm your device.
7. Smishing
Smishing is a blend of SMS and phishing. It involves sending an SMS to a user and asking them to take action using a link sent. When this link is opened, it results in data leaks that can be detrimental.
8. Angler phishing
Angler phishing refers to the use of direct messages on social media platforms such as Facebook or Instagram that contain malicious links, which infect your device and steal your data as soon as you click on them.
9. Evil twin phishing
Evil twin phishing uses Wi-Fi as a means to hack individuals. The act is done by copying the name of a free Wi-Fi service in the vicinity and initiating a Wi-Fi hotspot. When users connect to this Wi-Fi network, they are subjected to a man-in-the-middle attack as their data is intercepted and logged.
Using an antivirus with a robust firewall and intrusion detection system, together with a VPN, can help protect you from evil twin phishing attacks to some degree.
Typically, protecting yourself from phishing attacks requires a lot of knowledge and insight. Unfortunately, not everyone can be a cyber-security expert. However, in addition to the typical precautions, there are a few methods to help keep you safe even if you're about to slip.
To begin with, using multi-factor authentication (MFA) is a very effective anti-phishing method that users can utilize. It works by increasing the number of steps required to access an account, as the account entry will require a non-password-based login step such as a code sent to your phone as an SMS or an email sent to you with a code.
Another option is using an antivirus service. Antivirus services protect you from malicious links sent to you via email, as they often maintain a large database of such suspicious websites, in addition to filtering spam emails.
Often antiviruses will provide extra tools such as password managers and VPN, which can play an important role in protecting you from phishing.
Based on all we've said about phishing, we recommend the antiviruses that, based on our trials, provide you with the highest level of phishing protection. In addition, we've included promo code links so you can get the best prices possible!
Our top three recommended antiviruses:
Norton 360 is one of the most dependable antiviruses out there. It can easily block many threats and provide you with internet security. In addition to protection against phishing emails, viruses, malware, and ransomware, Norton provides a few extra features, including but not limited to:
- Parental control: If you’re a parent, you’re probably looking for a parental control feature with your antivirus service. Norton is one of the few that offer parental control options, and it’s one of the best.
- Password manager: After installing the password manager on your preferred web browser, you create a strong vault password. You can use the password generator to create passwords that are hard to crack; they can be up to 64 characters, with any combination of upper-case and lower-case letters, numbers, and symbols.
- Cloud storage: Every Norton 360 plan comes with an easy-to-use cloud storage space to save your essential files, starting with 10 GB in the Norton 360 Standard plan and going up to 75 GB in the Norton 360 Premium plan. Not every antivirus includes cloud storage, so this adds value to your package.
Avira antivirus is one of the most trusted antiviruses out there that provides a very high and effective level of protection, making sure you and your family are provided the internet safety you deserve. In addition to the robust antivirus, anti-malware, anti-ransomware, and protection against phishing emails and links, Avira provides:
- File encryption protects files with passwords, making sure nobody can access your files without a password to enter them.
- File shredding to completely delete files, so you cannot restore them. This is a nice feature to have when you want to make sure a file is deleted to the point of no recovery, as normally, it is possible to recover some files after they are deleted.
- Multimedia/gaming mode is a mode that stops notifications and momentarily stops the sudden unexpected updates, which is useful when working, or in a meeting, and in instances when you're enjoying your time and don't want interruptions such as watching movies or TV shows, or if your kids are playing video games.
- Network traffic manager is an extra line of defense in addition to your firewall to defend your network and keep track of what's happening in your network.
Another antivirus that you will find to your liking is TotalAV. TotalAV can achieve the internet safety you desire while providing you with more functionalities at the same time. In addition to the protection against phishing emails, viruses, malware, and ransomware, TotalAV adds the following functionalities:
- The Password Manager by TotalAV helps you create strong passwords and saves your passwords in a secure place. It’s a benefit, especially if you have a hard time remembering your passwords. Unfortunately, TotalAV’s password manager is only included in the Total Security package.
- The System Tune-up tool by TotalAV is used to clean out junk files and speed up your PC’s performance. No one wants to use a slow PC, am I right?
- TotalAV provides a firewall protection service to protect your network from harmful traffic and provide you with internet safety. It can be accessed through the settings menu into network protection and adjusted from there. In addition, you can choose between enabling or completely disabling it as you wish.