How Email Phishing Can Harm You and How to Recognize Scams

If an email phishing attempt is successful there are two general things that can happen. Generally, the most common is sensitive information is gathered about accounts that you hold, and less common is something gets installed on your computer that can perform various actions without your knowledge. Read on to learn more about how to protect yourself…

The information that is recorded from you depends on the attacker. If your login credentials are recorded, the attacker can gain full access to your account. Once they have access, they can gather more information about bank accounts or other things. They can use your account to attack other targets or hold your account hostage.

The attacker could also be searching for information regarding your identity. Gathering this information would enable them to commit identity theft and open financial accounts in your name.

Similarly, the attacker could record information about accounts that you regularly make transactions with. For example, this could be something like a bank account and routing number. Having this information would make it easier for the attacker to not only choose a target but seem more legitimate to the victim if the attacker wanted to get someone to send them money.

Many phishing attempts will ask you to download something. If the file is downloaded, it’s very likely that malware will be quietly installed on your computer. What this malware does depends on the goal of the attacker.

Probably the most famous malware these days is ransomware. Ransomware will install on your computer completely silently, or posing as other software, and tends to have a waiting period before it acts. Typically, ransomware will search your local network and find the most promising target which would be something like a server. If such a target is not found, it’s difficult to say if the ransomware will affect anything or everything on the network. The target computer will be locked down and encrypted and request money to reverse the attack.

Another type of malware is a keylogger. This small piece of malware will record every key you press on your keyboard. The recorded information is then sent back to the attacker, who will look at what is sent to find passwords that you have typed.

A less common malware is one that enables the attacker to gain remote control over your computer. This would allow the attacker to access all accounts that you have saved passwords for, as well as access to all of the files on your computer. Theoretically, the attacker could also use this remote access to put something like ransomware on your computer.

Email phishing attacks use a wide range of tactics. Generally speaking, there are things to check in every email you receive that will make it easy for you to recognize a phishing email. The attributes of an email that should be checked are listed below and explained.

If any of the parts of the email seem suspicious, the email should either be immediately deleted, or asked about to verify its legitimacy. Nothing should ever be clicked on in an email, or a reply sent unless you are absolutely certain about the sender and the nature of the email.

Do you recognize the sender’s entire address? Be sure to carefully read the whole address. If you recognize the sender, does the email seem unusual when considering who it’s from?

How many people was the email sent to? Do you recognize any of the recipients? Does the list of recipients make sense when considering the topic of the email?

Does the date and time of day the email was received seem odd when considering who it came from? For instance, would you expect the sender to be sending you an email on a Sunday at 2:00 am?

Is the email regarding something that you never requested or heard of? Does the subject of the email match the content of the body?

Note what the sender is requesting. Do they want money or a transaction performed? Do they want a document sent to them? Are they requesting confirmation on something that you’re not familiar with? Are there any egregious grammar or spelling errors?

Always put your cursor over (but do not click) every link or button in an email. This will display the actual address the link will send you to. If the address that shows does not match the text in the email, or there is a misspelling in the address, or you otherwise don’t trust the link, do not click on it.

Does the email contain an attachment that was not expected or seems unusual? For instance, if the person is saying that they sent an Excel document but instead you see a .pdf or something else, do not download the attachment before confirming that it is what they meant to send. Additionally, if there is an attachment in an email where no attachment was mentioned, do not download it.

Fraudulent emails will always have malicious intent. The method can change, but any email that can be recognized as illegitimate or strange should always be considered dangerous.

Email phishing uses many different tactics that may include:

Keep in mind that all email phishing attempts require user action to be successful. There is not and never will be something that makes email safe to the point where you don’t have to think critically about every email you receive. Email safety is entirely reliant upon safe user habits.

Refer a Friend or Business Associate