Phishing is a general term used to refer to different types of online scams designed to steal your data. One common way scammers “phish” for sensitive information is by sending fake emails.
In this article, we’ll go over some of the most common ways scammers try to trick you into giving up your personal data via phishing emails. We’ll also provide you with examples so you know what to be on the lookout for in your inbox.
What is a phishing email ?
Phishing emails are a technique used by online scammers to trick you into giving them personal information or account data (such as logins/passwords, bank account/credit card numbers, social security numbers).
Once scammers have this sensitive information, they can use it to hack your accounts and steal money from you. There are thousands of these types of phishing attacks every day, so it’s important that you know how to recognize them and protect yourself from scams.
Tricksters have developed many different techniques to steal data from internet users over the years. Some phishing emails are immediately obvious, while others are harder to spot.
For example, phishing emails might try to trick you into clicking a link or opening an attachment with malware in it, which then infects your system to steal your data.
Or, the fraudulent emails might appear to be from a company you have an account with and ask you to provide your login info under some pretense.
Who do phishing emails target?
Unfortunately, no one is safe from phishing attempts by online scammers. As soon as your email address is public somewhere out there, scammers can find it and start sending phishing emails to you.
That being said, some scammers prefer to target members of medium to large organizations because they can try to make emails appear to be from a coworker or a department within the organization.
Phishers have even been known to target CEOs and board members of organizations because they are high value targets.
The key takeaway here is that no email address — whether it’s your personal or work email — is safe from phishing attempts.
5 tips for recognizing phishing attempts (phishing email examples)
1.The email requests sensitive information
This is a dead giveaway because legitimate companies will never request your sensitive information via email.
One way a fake email attempting to steal information from you may do so by saying an account you have for a legit company has been hacked and they need you to provide your login information to retrieve it.
For example, the email might say something like:
“Dear user, your account has been locked because of a hacking attempt. We need your username and password to retrieve your account.”
The email might ask for you to respond directly with your login details or provide a link for you to click on and enter your info. Again, a legit email from a real company should never request sensitive information from you.
2.The email address is not from the company’s domain
This is another easy way to spot a fake email attempting to steal your data is by looking at the domain the email was sent from. Major companies all send emails from a legit company domain.
For example, a legit email from Amazon’s customer service would come from the domain:
A fake email pretending to be Amazon could come from a domain like:
While fake domains are often pretty obvious, it can sometimes be hard to distinguish fake domains from real ones if you don’t already know what the real one is. Phishers can send emails from domains with company names in them that look similar to the legit domains.
If you ever have any doubts about the legitimacy of an email’s domain, do some research about it to try and determine if it is real.
You can do this by either Googling the domain a suspicious email comes from or by Googling a few lines from the body of the email to see if it pulls up any info about a known phishing attack.
You can also look at past emails from a company to see what domain they come from so you know how to spot phishing emails attempting to trick you into thinking they’re from that company.
3.The email contains spelling/grammatical errors
The odd typo is not unheard of in legit emails, but if you receive a suspicious email with all kinds of grammatical and spelling errors in it, that’s a sure sign of a phishing attack.
Official communications from big companies are written by people who speak English as a native language and pass through a review process to catch any errors, so they should be pretty polished by the time they arrive in your inbox.
For example, a phishing email with incorrect spelling and grammar might read something like:
“Dear sirs, we have informed that your accounts informations is needed to be update now. Please provided us with your login and pasword to continue the using of your accout.”
Even if a phishing email doesn’t have any glaring spelling or grammatical errors, there’s a good chance it will just sound plain weird. If you think the language of an email doesn’t sound professional or the word choice seems strange, there’s a good chance it’s phishing.
4.The email contains attachments
Emails from legit companies will never send you unsolicited attachments. Phishing emails, on the other hand, often include an attachment and request you to click on it to download it.
For example, a phishing email might say something like:
“Please download the attached file to update your account information.”
Then, there will be an attachment that could be named something like:
The bottom line is: never click on any attachments you’re not expecting to receive. They can install malware on your device to steal your data.
5.The email has suspicious links
Similarly to attachments, phishing scams will often attempt to get you to click on links that take you to a fake site or install spyware on your system.
Phishers can use many different pretenses to try and get you to click on such links.
For example, you might receive an email from a “travel agency” informing you that you’ve “won” a free vacation.
The email might say something along the lines of:
“Dear winner. You have been selected to spend 3 nights at a Caribbean resort. You MUST click on the link below to claim your prize.”
Once you click on the link, it might just automatically download malware onto your computer that can log your data, or it might take you to a fake site that asks you to enter personal information, like your ID and credit card numbers.
Never click on links in unsolicited emails or in emails that aren’t from people or organizations you trust.
We hope these phishing email examples have given you a better idea of what to watch out for to protect yourself from phishing attacks.