• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » secure email » How Does a Phishing Email Work?

How Does a Phishing Email Work?

2018-09-06 by Michelle Dvorak

How Does Phishing Email Work?

A phishing email is an unsolicited email that is sent by a spammer or hacker. Phishing emails may be sent in large generalized groups or sent to just a few well-chosen recipients. When a phishing email is focused on one or more unlucky recipients, it is referred to as spear phishing email.

Phishing emails are sent with a goal in mind. After all a spammer has to eat! A hacker’s goal is to compromise computer systems to obtain usernames, passwords, launch malware, or acquire financial account data. A common phishing email attack attempts to acquire account information which is then used to transfer money away from the victim. A phishing email could also attempt to gain access to sensitive information or files on a device. In all cases, the hacker who sent the email is looking for personal gain and has malicious intentions.

A phishing email that is attempting to net some cash comes in a few forms. Sometimes the emails are written as blackmail, threatening the recipient that the spammer knows some secret and it will cost them to keep it private. More commonly phishing email scams encourage the reader to enter login credentials or account numbers on a spoof website.

Recently I wrote about an American Express spam email that I have been receiving. There were a few links to click on in those emails – all of them bad. The Amex email has three links to select (my fate) from. I did not click any of them of course, but my guess is that two of them would have delivered me to a spoof website that encouraged to give up some other account information. The other link was a fake unsubscribe button. It is never safe to select an unsubscribe button in a spam email. Clicking that will only confirm to the spammer that the recipient email address is indeed valid and monitored. This will certainly result in you receiving even more spam.

Phishing emails that launch malware attacks do so by again encouraging the user to click on a link. In the case of a malware attack, the link does not go to a spoof website, but rather begins a file download. The downloaded file is an executable that takes over the computer, downloads other helper files that lock up the machine, transfers data off the now hacked machine to a remote location, or attempts to gain further credentials from the device.

Malware is used to take over machines and computer systems is generally looking for money. In this scenario it is referred to as ransomware attack.

So How Do Phishing Emails Actually Accomplish This?

Basically, the email must get the reader to take an action – clicking on a link. True, there have been a few malware attacks launched via email and involving Flash where the reader did not actually click on a link. In that cyber attack, the malware launched when the user hovered over a link. For the most part, it takes a click. That action then causes something else to happen – ether a file download to the reader’s device or it takes them to a spoof website. The spoof websites can look highly authentic and attempt to extract more data from the users by scaring them into thinking they must reset a password to avoid begin hacked. Just the opposite happens. The user enters their current password and they are hacked on the legitimate website before they realize what happened. It is a simple, yet effective tactic to gain the path to your money.

Filed Under: secure email Tagged With: hacker, phishing email

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version