What is phishing? Common examples of phishing emails and 5 tips for spotting

Mar 12 2022

Phishing is one of the most common cybersecurity threats that we face every day on the internet. Chances are you’ve already encountered it through a fraudulent email or malicious link. While many internet users have become more cautious of what they click on and the information they share, attackers have also gotten smarter and more creative.

What is phishing?

So, what exactly is phishing, and how can you avoid it? Typically, phishing happens over email. Phishing emails are deception attempts designed to steal confidential information from unsuspecting users and organizations.

Types of Personal Information Obtained by Phishing Emails

Phishing emails typically ask for some or all of these details:

• Full name
• Date of birth
• Social security number
• Phone number
• Home address
• Credit card details and other banking information
• Passwords and login credentials.

Once cybercriminals obtain this information from a phishing attack, they can use this information to replicate your identity online and apply for credit cards or loans, open bank accounts, and engage in other fraudulent activity. Additionally, when crucial accounts are compromised, these can also impact organizations.

How Phishing Happens

Even the most cautious users can fall victim to phishing emails as these become increasingly sophisticated in their content and design, and appear legitimate at first glance.

Phishing emails usually ask users to click on an attachment or malicious link, enable macros in a document, update their password, connect on social media, or use a new Wi-Fi hotspot.

As a result, these phishing emails can trick victims into disclosing otherwise private information since these appear to originate from a trusted source. The best way to stop them and avoid falling victim is knowing what to look for—how to spot phishing attempts so that you can report them.

Examples of Phishing Attacks

Wondering what phishing emails and attacks are like? Find out what they look like— chances are, they’ve already landed in your inbox. Learn what to avoid, including:

• Phishing emails: Messages that appear to originate from legitimate sources, like customer support or your bank.
• Spear phishing: Uses data previously collected about you or your employer with urgent and familiar language that prompts immediate action.
• Link manipulation: A fake link to a popular site that’s designed to look like the real one and prompts you to provide or update your account credentials on this imitated site.
• CEO fraud: Spoofs the email of a CEO, Human Resources manager, IT support or another trustworthy person within an organization, directing crucial actions, such as a fund transfer, installation of a new app, or the provision of employee information.
• Content injection: Cybercriminals hack a familiar website and add a fake login page or pop-up, allowing them to harvest user information.
• “Evil twin” Wi-Fi: Public Wi-Fi access points, such as those in coffee shops, malls, parks, and other public locations, are spoofed, allowing criminals to obtain information from users who log in.
• Mobile phishing: Fraudulent texts, social media messages, voicemails, and other communication that ask users to update or provide account information, change passwords, or inform them that their account has been breached, prompting them to log into a malicious site or unknowingly install malware on devices.
• Man-in-the-middle: It appears as if two people who know each other are emailing one another, but in reality, a hacker sends fraudulent emails to each asking them to share confidential information.
• Malvertising: Online ads or pop-ups that prompt users to click on malicious links that install malware.

5 Tips for Spotting Phishing Emails

There are a lot of cybercriminals who will always try to compromise secure accounts and steal confidential information for their own personal gain or corporate interest. But it’s important to keep in mind that phishing happens when these bad actors successfully deceive unsuspecting users. 

One of the best ways to stop them is to avoid falling victim to begin with, so cybercriminals are not left with any vulnerabilities to exploit. Step one is learning to spot phishing emails, so you know what not to click on:

1. Verify the display name

It’s easy to create an email or social media account with a familiar or trustworthy display name. When sending phishing emails, cybercriminals take advantage of the fact that email inboxes only show the display name. So before taking any action, hover over the display name to see the email address associated with the display name, and verify the email address and make sure it’s legitimate.

1. Look but don’t click

Knowing what phishing attempts look like does help you spot and avoid them in the future. When you receive a suspicious email, browse its contents and check for signs of telltale phishing, such as spelling mistakes, strange links, poor grammar, and opening messages like “Dear Valued Customer.” Once you’ve spotted these, report these as spam or phishing to flag similar messages to your email provider.

1. Beware of urgent or threatening language

Phishing attempts are often successful because of the language they use. Urgent or threatening language – such as getting locked out of your account or being subjected to alleged fines and penalties – often prompt responses out of panic, resulting in hackers successfully installing malware or obtaining confidential information via email and malicious links.

1. Review the email signature

One of the most obvious signs of phishing is a suspicious email signature. Legitimate corporate emails often have the company’s logo and the sender’s name, position, and contact information attached. And even when the signature appears legitimate, it’s worth verifying the website link, phone number, and the sender’s email to confirm that they are authorized company representatives.

1. Don’t believe everything you see

Finally, maintain a healthy amount of skepticism. Cybercriminals have become increasingly sophisticated in their phishing attempts. Verify everything you receive before clicking on a link and acting on any communication, no matter how urgent it appears. And when you’re convinced that it’s a phishing email, flag it for your email provider, so similar emails are routed to spam right away, and you can avoid these types of messages in future.

Keep Your Home Internet Secure with Comwave

At Comwave, we take your online safety seriously—and we’re committed to doing our part. Along with learning to spot phishing emails and protect your personal information, we offer practical solutions to keeping your home network secure. 

This includes activating network security and parental controls on your Comwave modem and working with you to regularly update security settings on your home internet access points. For us, the best internet goes beyond the fastest speeds and cheapest prices—it’s also the most secure.

Got more tips for spotting and avoiding phishing emails? Tell us in the comments below. Contact Comwave customer support to learn more about keeping your home network secure from phishing attempts.