Email phishing is one of the most common types of phishing. It has been widespread since the early days of e-mail. The attacker sends an email purporting to be someone trustworthy and familiar (online retailer, bank, social media company, etc.), and asks you to click a link to take an important action, or perhaps download an attachment.
Some specific examples of email phishing include:
Some specific examples of email phishing include:
- Business email compromise (BEC): A business email compromise (BEC) attack targets someone in the finance department of an organization, often the CFO, and attempts to deceive them into sending large sums of money. Attackers often use social engineering tactics to convince the recipient that sending the money is urgent and necessary.
- Clone phishing: In this attack, criminals make a copy—or clone—of previously delivered but legitimate emails that contain either a link or an attachment. Then, the phisher replaces the links or attached files with malicious substitutions disguised as the real thing. Unsuspecting users either click the link or open the attachment, which often allows their systems to be commandeered. Then the phisher can counterfeit the victim's identity in order to masquerade as a trusted sender to other victims in the same organization.
- 419/Nigerian scams: A verbose phishing email from someone claiming to be a Nigerian prince is one of the Internet's earliest and longest-running scams. This "prince" either offers you money, but says you need to send him a small amount first in order to claim it, or he says he is in trouble, and needs funds to resolve it. The number "419" is associated with this scam. It refers to the section of the Nigerian Criminal Code dealing with fraud, the charges, and penalties for offenders.