How Does Phishing Email Work?
A phishing email is an unsolicited email that is sent by a spammer or hacker. Phishing emails may be sent in large generalized groups or sent to just a few well-chosen recipients. When a phishing email is focused on one or more unlucky recipients, it is referred to as spear phishing email.
Phishing emails are sent with a goal in mind. After all a spammer has to eat! A hacker’s goal is to compromise computer systems to obtain usernames, passwords, launch malware, or acquire financial account data. A common phishing email attack attempts to acquire account information which is then used to transfer money away from the victim. A phishing email could also attempt to gain access to sensitive information or files on a device. In all cases, the hacker who sent the email is looking for personal gain and has malicious intentions.
A phishing email that is attempting to net some cash comes in a few forms. Sometimes the emails are written as blackmail, threatening the recipient that the spammer knows some secret and it will cost them to keep it private. More commonly phishing email scams encourage the reader to enter login credentials or account numbers on a spoof website.
Recently I wrote about an American Express spam email that I have been receiving. There were a few links to click on in those emails – all of them bad. The Amex email has three links to select (my fate) from. I did not click any of them of course, but my guess is that two of them would have delivered me to a spoof website that encouraged to give up some other account information. The other link was a fake unsubscribe button. It is never safe to select an unsubscribe button in a spam email. Clicking that will only confirm to the spammer that the recipient email address is indeed valid and monitored. This will certainly result in you receiving even more spam.
Phishing emails that launch malware attacks do so by again encouraging the user to click on a link. In the case of a malware attack, the link does not go to a spoof website, but rather begins a file download. The downloaded file is an executable that takes over the computer, downloads other helper files that lock up the machine, transfers data off the now hacked machine to a remote location, or attempts to gain further credentials from the device.
Malware is used to take over machines and computer systems is generally looking for money. In this scenario it is referred to as ransomware attack.
So How Do Phishing Emails Actually Accomplish This?
Basically, the email must get the reader to take an action – clicking on a link. True, there have been a few malware attacks launched via email and involving Flash where the reader did not actually click on a link. In that cyber attack, the malware launched when the user hovered over a link. For the most part, it takes a click. That action then causes something else to happen – ether a file download to the reader’s device or it takes them to a spoof website. The spoof websites can look highly authentic and attempt to extract more data from the users by scaring them into thinking they must reset a password to avoid begin hacked. Just the opposite happens. The user enters their current password and they are hacked on the legitimate website before they realize what happened. It is a simple, yet effective tactic to gain the path to your money.