Email Phishing

By Ron Samson Jr

What is phishing?

Phishing is a scam where psychological manipulation is used to scare or trick victims into giving away sensitive data like passwords, or pay money through use of fraudulent invoices.

What types of phishing are there?

Spear phishing – These are emails that are targeted at individuals. Typically

Whaling/business email compromise – this involves targeting upper management, usually c-level, into releasing sensitive information or making fraudulent payments.

What does whaling look like?

Clone phishing – in these attempts, a previously delivered legitimate email that contains an attachment or link has its content taken and replaced into an email

General phishing –

How do I spot phishing scams?

Grammar – since the majority of phishing email creators are not native English speakers, they tend to make mistakes in their writing. Words will be misspelled, formatting such as spacing may be off and the usage of words may not sound normal. These are all major tell tale signs that the email you are viewing is not legitimate.

Impersonal – Since the sender often does not know much about the recipient, the email

Email Header –

Asking for a quick reply –

See our blog post on how to spot phishing emails –

How do I stop phishing scams from succeeding in my organization?

Advanced email security – The best course of action is to have email security in place that will block the vast majority of phishing attempts.

Security awareness training – For when phishing emails do get past your prevention systems, you need users that are knowledgeable and vigilant.