Skip to content

Reverse Email Lookup

The following is for informational purposes only

Phishing Emails

Over four billion people use email, with nearly three million emails sent every minute of the day. Even though plenty of naysayers predict the end of email, it remains the most effective online communication.

What Is a Phishing Email?

Phishing emails are the most common form of online crime, with over 3.4 billion emails sent every day. Phishing email scams appear as legitimate emails from safe senders like your bank, mortgage company, Amazon, and many more. The goal of the online phishing criminal is to steal a person's account numbers and the holy grail, their social security number. For example, using a “sense of urgency phishing email,” a person may receive an email that looks exactly like an urgent notice from their bank. 

The body of the email may contain a specific alert, and the person needs to log in to their account immediately to secure their information. Keyloggers and mirroring technologies relay to the criminal precisely the steps taken to log in and the keys you hit to gain access to the account. The next time you log in, your money is gone.

Modern phishing techniques, including shimming, can take many forms and target thousands of individuals at a time. Passwords, account details, and credit card information are a small portion of what a phishing criminal can obtain.

How Phishing Works

Attackers use various means to scam their victims, using the latest criminal techniques from legitimate sources. The goal of the phishing criminal is to deceive the recipient into sharing personal information to benefit the attacker.

  • Social engineering exploits a person’s natural trust instinct and involves manipulating a person to give away sensitive information. There are four types of social engineering attacks:
    1) Baiting involves false promises.
    2) Scareware bombards the victims with false alarms.
    3) Pretexting is initiated by the need for sensitive information.
    4) Spear phishing targets specific victims.
  • Attackers may use URL shortening services or QR codes to mask a fake website.
  • Impersonation and a sense of urgency are lethal when combined with an intelligent attacker who knows how to manipulate the system.  

A phishing attacker's primary objective is to exploit a victim’s heightened emotions that override their normal thought. Victims make critical mistakes by revealing sensitive information they normally would not. Fake websites are an effective way for attackers to steal bank and credit card information from a large number of victims. The attacker prepares and initiates the email setup, and a fake bank or credit card website does the rest.

Attackers use a number of techniques that are employed by almost all individuals and crime gangs.

Common Phishing Methods

  • Link manipulation is one of the most common and effective means of deceiving the online public. Phishing links can be disguised as any object on a web page, from a logo, image, and included links.
  • Cloned phishing is another technique where criminals create an exact copy of a previously sent email. The criminal then recreates the email, including malicious links or attachments, and resends at a letter date.
  • Infected attachments are the most effective means of spreading a virus or obtaining personal information illegally. One of the largest virus attacks in history occurred when a lower management employee opened an innocuous email that nearly put Aramco back to the Stone Age.
  • Phishing emails send users to fake websites that contain malicious links or attached viruses. In the age of AI, creating a fake website can take as little as thirty minutes, giving attackers the time to create a sense of urgency that most people find hard to resist.

Types of Phishing Emails

Phishing has been a dangerous online attack method since its inception, which many believe was in 1995. One of the first phishing techniques implemented was stealing passwords from AOL and using an algorithm to generate phony credit card numbers. As early as 2001, attackers turned their phishing eye toward online payment systems, and the game changed.

The FBI Internet Crime Division reports that in 2023, nearly $12.5 billion has been lost to various phishing techniques.

Spear Phishing

Cyberattacks that impersonate a trusted individual are termed spearfishing. Instant messages or fake emails are effective because the perpetrator uses a trusted bank account, family member, or social media contact. The goal is to get the user to click on a link or open an attachment that leads to malware or a fake website. Spear phishing is highly effective because of the attacker's psychological manipulation to create sympathy, a sense of urgency, or a deal too good to be true.

Whaling

Whaling is another highly targeted form of phishing that may cause great harm. It targets senior executives, upper management, and employees of an organization with access to sensitive data. An extra layer of social engineering is added because most employees are reluctant to disappoint the boss. Attackers use extraordinary research to craft an email that mirrors communication from a CEO or a payroll department. On a higher level, attackers may target executives to obtain sensitive corporate information.

Clone Phishing

Clone phishing is one of the newer attack methods where attackers make an exact duplicate of a sent email and resend it later with newly installed malicious links or attachments. Cybercriminals scour through thousands of stolen deleted email folders, using advanced search algorithms to find specific emails with the right markers. Real attachments and good links are replaced with malware and malicious links, making an effective clone phishing attack.  

Popular Phishing Email Examples

From their inception in the mid-90s, phishing attacks have continued to rise in popularity, along with their insidious techniques and delivery methods. According to current information from the FBI, phishing attacks remain the most common type of cybercrime. One in every 99 emails is believed to be a phishing attack, and more importantly, 90% of all data breaches are attributed to phishing assaults.

The first goal of a phishing email is to gain the trust of the recipient by relying on fear or a sense of urgency. Phishing emails bypass security measures by exploiting human nature. Attackers use the latest technological advances just like the rest of us, expanding the capabilities of spyware, viruses, worms, and trojans.

PayPal Phishing Email Scams

PayPal is one of the most popular targets for attackers because it is easy to open an account, and the company is always portrayed as completely trustworthy. Phishing attacks are designed to get the user to enter account numbers or passwords.

There are several deceptive tactics a person needs to watch out for:

  • Malware attachments
  • Neutral greetings such as Dear User or Dear (Email User)
  • Poorly written with plenty of misspelled words
  • Requests for immediate actions
  • Account suspension

The most common approach phishing attackers take is the “account suspension method.” These types of scams immediately ask for passwords or give directions to a fake website. The text always contains urgent notices to take immediate action.

Amazon Phishing Email Traps

Emails from Amazon are instantly recognizable because of their logo and text formatting and because the world shops from Amazon. Anyone will open the email because they know there may be a great shopping deal or some insider secret. The desire to make a great deal plays right into the hands of an attacker.

Amazon rarely sends out emails; if they do, some reference number will be included. Be mindful that one in ten emails is a phishing attack.

Amazon phishing emails are designed to entice users to enter their details to get on the list or be the first person to purchase the ultimate widget. They are notorious for mistakes in the entry text and addresses and bad spelling. There are fewer errors once the email pitch gets to the primary wording or the cognitive content.

Apple Phishing Email Deception

Enterprising hackers enjoy using Apple as a target. The company is enormous, so there are thousands of free email entry ports. Its logo is recognized worldwide and has few other distinguishable attributes. Apple falls into the same categories as Amazon, Microsoft, and all other high-tech companies. Good hackers send out vast batches (into the millions) of targeted names and email addresses to get a fair return.

Email lists and huge databases of addresses are readily available for a price. The bulk of addresses available are the result of data breaches, Wi-Fi compromises, keyloggers, and brute force attacks. Hackers can also turn to the dark web for better addresses. The dark web offers a more targeted and recent list of premium names, such as data brokers, email harvesting, phishing attacks, or social media.  

Click rate is a crucial number for criminals in the overall attack plan. Nearly every statistic points to attackers' skyrocketing use of click rate to steal anything from anybody while focusing their technological efforts on upper management and the cream of the crop.

Netflix Email Phishing Fraud

With Netflix, the element of a product enters into the overall plan, giving the hacker many more touch points to scam the user. Netflix is another email that is hard to resist; the ever-important bill or the next hit movie available at a fantastic introductory price is at the top of the list. Most phishing scams come from hackers sending fake suspension notices, overdue accounts, or billing issues. Netflix emails quickly point out the urgency of their situation, and account details must be updated immediately, or movie nights with the family will no longer be available.

With current technologies, hackers can create a nearly identical Netflix website. Phishing emails are sent with malicious links to the fake website to enter account information, passwords, and credit card details. Spotting these malicious emails is similar to other security measures: look for misspelled words, non-personal and unusual greetings, odd-looking email formats, and anything unusual.

How To Spot a Phishing Email

As technological advancements continue to skyrocket, so does the hacker's ability to precisely replicate every element of an email or webpage. Users need to recognize the subtle red flags and suspicious elements that can identify a phishing email.

Suspicious Links and Attachments

Email is a personal communication tool that has evolved into a marketing machine. Savvy users must get back to email's side and be wary of any unfamiliar sender. Use the hover function of your mouse to find any address that is misspelled, wholly unfamiliar, or looks suspicious in any way.

Malware attachments are the single most dangerous element a user can open. The Aramco virus was started by a low-level manager opening an attachment to find the treasures inside. Avoid suspicious attachments at all costs.

Urgent or Threatening Language

One of a hacker's primary goals is to create a sense of urgency with phishing emails. Harsh and demanding language exacerbates this sense of urgency.

  • “Immediate action is required” bypasses the user's sensibilities; often, a person will take action without thinking of the consequences.
  • When a person receives an email using threatening language such as demand for payment, account suspension, or overdue, invariably, a negative response from the user is created, and a need to open the email and click on a malicious link.
  • Demanding money or overdue payments is a surefire way for a hacker to know if their target is going to open the phishing email. Demands involving money are a strong motivator for most people, and hackers know that.

Unfamiliar Sender Information

Individuals who receive a lot of business and personal emails are prime candidates for phishing attackers. Users should always be mindful of the entry information of online communication. Cursory checks of every email should become a habit. If a hacker is going to make a mistake, it will happen in the opening email address, the salutation, or with blatant spelling errors.

Misspellings and Poor Grammar

Poor grammar and badly misspelled words are telltale signs of an incoming phishing email. Hackers are not the brightest people in the world and are notorious for never checking their work. Misspelled words will always be at the beginning or end of an email whenever personalization is required. One of the primary reasons for grammar errors and misspellings is that the email may come from outside the United States or from hackers with a soft understanding of English. Additional red flags could be better formatting, more specific information, or the use of fonts and sizes.

Fake Payment Requests

Requesting money or past due payments is among the most popular and vicious phishing emails. Money request scams and an attached invoice are dangerous emails for users to open. These emails are often accompanied by the financial institution’s logo and nearly identical fonts and writing styles of the original communication. The hacker's goal is to get the user to send money or provide personal information as quickly as possible. These phishing messages are always alarmist, with the need to act quickly. PayPal and Amazon are on the list of primary email senders; hackers know users find it almost impossible to ignore.

What To Do If You Receive A Phishing Email

Rarely does a person receive a single phishing email. Most of these attacks are concentrated efforts that take days, weeks, or months. If you are sure there is a phishing email in your inbox, the following steps should be used.

Do Not Click Links or Download Attachments

It is important never to open an email if you are certain it is a phishing communication. The simple act of clicking on the email often downloads a virus to your computer. If by chance you open the email, never click on any links or open the attachments; this is the hacker's number one goal. Remember the lower-level management with Aramco. Always be wary of unidentified emails!

Report Phishing Emails

If you receive a phishing email while on a business computer, report the communication to your sys admin immediately. Internet crime resources have expanded considerably in recent years, and there are now several organizations where a person can report phishing emails.  The first resource a person should contact is the FBI’s Spoofing And Phishing website.

Large tech companies, such as Apple, PayPal, and Amazon, have specialized departments to deal with online fraud. If a person receives an email from one of these providers, record as much information as possible and contact the company immediately.

Additional Resources:

  • reportphishing@apwg.org – an anti-phishing work group of the Federal Trade Commission
  • phishing@irs.gov – users who receive IRS-related emails
  • Econsummer.gov – an international protection group
  • 7726 (SPAM)- unsolicited text messages
  • info@cyber-center.org – National Cybersecurity Center

Delete the Email and Monitor Accounts

Before curiosity takes hold, permanently delete any suspicious emails. Make sure to mark the email as spam, then delete it. Go to your deleted items folder and clean the folder by deleting all the emails for good.

From VIPER Security Group:

  • For Gmail: Open the suspicious email, then click the “Report spam” button to flag it for Google’s spam filters.
  • For Outlook: Select the email, click the “Junk” button, and choose “Report as phishing” to notify Microsoft of the threat.
  • For Yahoo: Click the “Spam” button in the email to mark it and prevent similar emails from reaching your inbox.

Business or corporate networks should have the latest software to deal with the tremendous amount of online threats. Monitoring your email accounts is much the same as keeping an eye on your bank accounts; learning the signs of fraud and criminal activity is essential.

How To Prevent Phishing Attacks

After decades of angst and lost production, public awareness of the perils of online surfing, communication, and financial transactions is finally filtering down to the masses. Security platforms have been targeting phishing for years, and the software being developed, along with a stern message of self-protection, is here.

Use Email Filters

Online email has been an open door for cybercriminals for years, allowing hackers every opportunity to create havoc with computers. Email filters have strengthened considerably in recent years to detect the beginnings of an attack.

Every online email platform has seen the writing on the wall: offer a more secure platform or go out of business.  

Email Filters:

  •  URL blocking is one of the most effective means of shutting down the threat.
  •  AI and machine learning are now being added to every communication platform on Earth.
  • Content inspection filters have skyrocketed in intelligence.

Multi-Factor Authentication

With MFA, workers can forget their primary password and still have a secure login with multi-factor authentication. MFA is only practical for home use if several people access the same computer.

Users are asked to provide multiple forms of identification so the system can allow entry. MFA has proven to be an outstanding deterrent for the modern workforce, along with a Zero-Trust network. Admins are gaining ground over the mid-line hacker. However, there are plenty of intelligent criminals in the world, and everyone must remain vigilant.

Employee Training and Awareness

Intelligent, progressive, and successful executives realize the importance of training modern employees to recognize online threats and how to act accordingly. Training teaches the employee what to look for in a phishing email and the various red flags.

Employees are fully trained to overcome their base curiosity to never click on a link or open a suspicious attachment. The Aramco employee, who nearly brought down the largest oil company in the world, opened an attachment. It has been reported that over 30,000 computers were affected.

Employers are learning a great deal from the past and how phishing attacks can bring down entire networks with the help of an unwitting employee. Criminals continue to be highly devious and crafty in their attempts to crack a business network and destroy the hard work of people.    

Reverse Email Lookup